On Thu, May 09, 2024 at 12:13:41AM +0000, Kuninori Morimoto wrote:
>
> Hi Dan
>
> > Hello Kuninori Morimoto,
> >
> > Commit c3a15c92a67b ("ASoC: audio-graph-card2: add Codec2Codec
> > support") from Oct 12, 2021 (linux-next), leads to the following
> > Smatch static checker warning:
> >
> > sound/soc/generic/audio-graph-card2.c:1206 graph_count_c2c()
> > warn: already decremented on line 1206 'lnk->kobj.kref.refcount.refs.counter'
> >
> > sound/soc/generic/audio-graph-card2.c
> > 1194 static int graph_count_c2c(struct simple_util_priv *priv,
> > 1195 struct device_node *lnk,
> > 1196 struct link_info *li)
> > 1197 {
> > 1198 struct device_node *ports = of_get_parent(lnk);
> > 1199 struct device_node *port0 = lnk;
> > 1200 struct device_node *port1 = of_get_next_child(ports, lnk);
> > ^^^
> >
> > This calls of_node_put() on lnk.
> >
> > 1201 struct device_node *ep0 = port_to_endpoint(port0);
> > 1202 struct device_node *ep1 = port_to_endpoint(port1);
> > 1203 struct device_node *codec0 = of_graph_get_remote_port(ep0);
> > 1204 struct device_node *codec1 = of_graph_get_remote_port(ep1);
> > 1205
> > --> 1206 of_node_get(lnk);
> >
> > So this of_node_get() undoes the put. But if the reference count
> > dropped to zero then this would be a use afer free.
>
> Thank you for pointing it.
>
> This "lnk" is used as "port0", and of_node_get(lnk) was for it,
> but this function doesn't call of_node_put(port0).
> So yes, indeed this of_node_get() is not needed.
> Let's remove it.
No no... of_get_next_child() will drop the reference. It is needed.
The point is we should take the reference first before calling
of_get_next_child().
Maybe something like this:
struct device_node *port1 = of_get_next_child(ports, of_node_get(lnk));
regards,
dan carpenter
[Index of Archives]
[Pulseaudio]
[Linux Audio Users]
[ALSA Devel]
[Fedora Desktop]
[Fedora SELinux]
[Big List of Linux Books]
[Yosemite News]
[KDE Users]
