From b1725c9319aae42d7bd1159fc99e033d5a3076f8 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Mon, 4 Feb 2008 23:34:59 -0800 Subject: [PATCH] [POWERPC] arch/powerpc/sysdev: Add missing of_node_put The functions of_find_compatible_node and of_find_node_by_type both call of_node_get on their result. So any error handling code thereafter should call of_node_put(np). This is taken care of in the case where there is a goto out, but not when there is a direct return. The function irq_alloc_host puts np into the returned structure, which is stored in the global variable mpc8xx_pic_host, so the reference count should be set for the lifetime of that variable. The current solution ups the reference count again in the argument to irq_alloc_host so that it can be decremented on the way out. This seems a bit unnecessary, and also doesn't work in the case where irq_alloc_host fails, because then the reference count only goes does by one, whereas it should go down by two. A better solution is to not increment the reference count in the argument to irq_alloc_host and only decrement it on the way out in an error case. The problem was found using the following semantic match. (http://www.emn.fr/x-info/coccinelle/) // @@ type T,T1,T2; identifier E; statement S; expression x1,x2,x3; int ret; @@ T E; ... * E = \(of_get_parent\|of_find_compatible_node\)(...); if (E == NULL) S ... when != of_node_put(...,(T1)E,...) when != if (E != NULL) { ... of_node_put(...,(T1)E,...); ...} when != x1 = (T1)E when != E = x3; when any if (...) { ... when != of_node_put(...,(T2)E,...) when != if (E != NULL) { ... of_node_put(...,(T2)E,...); ...} when != x2 = (T2)E ( * return; | * return ret; ) } // Signed-off-by: Julia Lawall Cc: Stephen Rothwell Cc: Benjamin Herrenschmidt Cc: Kumar Gala Signed-off-by: Andrew Morton Signed-off-by: Paul Mackerras --- arch/powerpc/sysdev/mpc8xx_pic.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/sysdev/mpc8xx_pic.c b/arch/powerpc/sysdev/mpc8xx_pic.c index 0e74a4b..5d2d552 100644 --- a/arch/powerpc/sysdev/mpc8xx_pic.c +++ b/arch/powerpc/sysdev/mpc8xx_pic.c @@ -174,15 +174,19 @@ int mpc8xx_pic_init(void) goto out; siu_reg = ioremap(res.start, res.end - res.start + 1); - if (siu_reg == NULL) - return -EINVAL; + if (siu_reg == NULL) { + ret = -EINVAL; + goto out; + } - mpc8xx_pic_host = irq_alloc_host(of_node_get(np), IRQ_HOST_MAP_LINEAR, + mpc8xx_pic_host = irq_alloc_host(np, IRQ_HOST_MAP_LINEAR, 64, &mpc8xx_pic_host_ops, 64); if (mpc8xx_pic_host == NULL) { printk(KERN_ERR "MPC8xx PIC: failed to allocate irq host!\n"); ret = -ENOMEM; + goto out; } + return 0; out: of_node_put(np); -- 1.8.2.3