This is a note to let you know that I've just added the patch titled
mfd: qcom-spmi-pmic: Fix reference leaks in revid helper
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mfd-qcom-spmi-pmic-fix-reference-leaks-in-revid-helper.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From a0fa44c261e448c531f9adb3a5189a3520f3e316 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
Date: Tue, 3 Oct 2023 17:29:23 +0200
Subject: mfd: qcom-spmi-pmic: Fix reference leaks in revid helper
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
commit a0fa44c261e448c531f9adb3a5189a3520f3e316 upstream.
The Qualcomm SPMI PMIC revid implementation is broken in multiple ways.
First, it totally ignores struct device_node reference counting and
leaks references to the parent bus node as well as each child it
iterates over using an open-coded for_each_child_of_node().
Second, it leaks references to each spmi device on the bus that it
iterates over by failing to drop the reference taken by the
spmi_device_from_of() helper.
Fix the struct device_node leaks by reimplementing the lookup using
for_each_child_of_node() and adding the missing reference count
decrements. Fix the sibling struct device leaks by dropping the
unnecessary lookups of devices with the wrong USID.
Note that this still leaves one struct device reference leak in case a
base device is found but it is not the parent of the device used for the
lookup. This will be addressed in a follow-on patch.
Fixes: e9c11c6e3a0e ("mfd: qcom-spmi-pmic: expose the PMIC revid information to clients")
Cc: stable@xxxxxxxxxxxxxxx # 6.0
Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
Acked-by: Caleb Connolly <caleb.connolly@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20231003152927.15000-2-johan+linaro@xxxxxxxxxx
Signed-off-by: Lee Jones <lee@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/mfd/qcom-spmi-pmic.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
--- a/drivers/mfd/qcom-spmi-pmic.c
+++ b/drivers/mfd/qcom-spmi-pmic.c
@@ -81,7 +81,7 @@ static struct spmi_device *qcom_pmic_get
struct spmi_device *sdev;
struct qcom_spmi_dev *ctx;
struct device_node *spmi_bus;
- struct device_node *other_usid = NULL;
+ struct device_node *child;
int function_parent_usid, ret;
u32 pmic_addr;
@@ -105,28 +105,34 @@ static struct spmi_device *qcom_pmic_get
* device for USID 2.
*/
spmi_bus = of_get_parent(sdev->dev.of_node);
- do {
- other_usid = of_get_next_child(spmi_bus, other_usid);
-
- ret = of_property_read_u32_index(other_usid, "reg", 0, &pmic_addr);
- if (ret)
- return ERR_PTR(ret);
+ sdev = ERR_PTR(-ENODATA);
+ for_each_child_of_node(spmi_bus, child) {
+ ret = of_property_read_u32_index(child, "reg", 0, &pmic_addr);
+ if (ret) {
+ of_node_put(child);
+ sdev = ERR_PTR(ret);
+ break;
+ }
- sdev = spmi_device_from_of(other_usid);
if (pmic_addr == function_parent_usid - (ctx->num_usids - 1)) {
- if (!sdev)
+ sdev = spmi_device_from_of(child);
+ if (!sdev) {
/*
* If the base USID for this PMIC hasn't probed yet
* but the secondary USID has, then we need to defer
* the function driver so that it will attempt to
* probe again when the base USID is ready.
*/
- return ERR_PTR(-EPROBE_DEFER);
- return sdev;
+ sdev = ERR_PTR(-EPROBE_DEFER);
+ }
+ of_node_put(child);
+ break;
}
- } while (other_usid->sibling);
+ }
+
+ of_node_put(spmi_bus);
- return ERR_PTR(-ENODATA);
+ return sdev;
}
static int pmic_spmi_load_revid(struct regmap *map, struct device *dev,
Patches currently in stable-queue which might be from johan+linaro@xxxxxxxxxx are
queue-6.5/wifi-ath11k-fix-dfs-radar-event-locking.patch
queue-6.5/mfd-qcom-spmi-pmic-fix-revid-implementation.patch
queue-6.5/wifi-ath11k-fix-gtk-offload-status-event-locking.patch
queue-6.5/wifi-ath12k-fix-dfs-radar-and-temperature-event-locking.patch
queue-6.5/wifi-ath12k-fix-htt-mlo-offset-event-locking.patch
queue-6.5/wifi-ath11k-fix-htt-pktlog-locking.patch
queue-6.5/wifi-ath11k-fix-temperature-event-locking.patch
queue-6.5/mfd-qcom-spmi-pmic-fix-reference-leaks-in-revid-helper.patch
