This is a note to let you know that I've just added the patch titled
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
of-dynamic-synchronize-of_changeset_destroy-with-the-devlink-removals.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 8917e7385346bd6584890ed362985c219fe6ae84 Mon Sep 17 00:00:00 2001
From: Herve Codina <herve.codina@xxxxxxxxxxx>
Date: Mon, 25 Mar 2024 16:21:26 +0100
Subject: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
From: Herve Codina <herve.codina@xxxxxxxxxxx>
commit 8917e7385346bd6584890ed362985c219fe6ae84 upstream.
In the following sequence:
1) of_platform_depopulate()
2) of_overlay_remove()
During the step 1, devices are destroyed and devlinks are removed.
During the step 2, OF nodes are destroyed but
__of_changeset_entry_destroy() can raise warnings related to missing
of_node_put():
ERROR: memory leak, expected refcount 1 instead of 2 ...
Indeed, during the devlink removals performed at step 1, the removal
itself releasing the device (and the attached of_node) is done by a job
queued in a workqueue and so, it is done asynchronously with respect to
function calls.
When the warning is present, of_node_put() will be called but wrongly
too late from the workqueue job.
In order to be sure that any ongoing devlink removals are done before
the of_node destruction, synchronize the of_changeset_destroy() with the
devlink removals.
Fixes: 80dd33cf72d1 ("drivers: base: Fix device link removal")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Herve Codina <herve.codina@xxxxxxxxxxx>
Reviewed-by: Saravana Kannan <saravanak@xxxxxxxxxx>
Tested-by: Luca Ceresoli <luca.ceresoli@xxxxxxxxxxx>
Reviewed-by: Nuno Sa <nuno.sa@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20240325152140.198219-3-herve.codina@xxxxxxxxxxx
Signed-off-by: Rob Herring <robh@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/of/dynamic.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/of/dynamic.c
+++ b/drivers/of/dynamic.c
@@ -9,6 +9,7 @@
#define pr_fmt(fmt) "OF: " fmt
+#include <linux/device.h>
#include <linux/of.h>
#include <linux/spinlock.h>
#include <linux/slab.h>
@@ -667,6 +668,17 @@ void of_changeset_destroy(struct of_chan
{
struct of_changeset_entry *ce, *cen;
+ /*
+ * When a device is deleted, the device links to/from it are also queued
+ * for deletion. Until these device links are freed, the devices
+ * themselves aren't freed. If the device being deleted is due to an
+ * overlay change, this device might be holding a reference to a device
+ * node that will be freed. So, wait until all already pending device
+ * links are deleted before freeing a device node. This ensures we don't
+ * free any device node that has a non-zero reference count.
+ */
+ device_link_wait_removal();
+
list_for_each_entry_safe_reverse(ce, cen, &ocs->entries, node)
__of_changeset_entry_destroy(ce);
}
Patches currently in stable-queue which might be from herve.codina@xxxxxxxxxxx are
queue-6.6/of-dynamic-synchronize-of_changeset_destroy-with-the-devlink-removals.patch
queue-6.6/driver-core-introduce-device_link_wait_removal.patch
