forked from Minki/linux
b1725c9319
The functions of_find_compatible_node and of_find_node_by_type both call of_node_get on their result. So any error handling code thereafter should call of_node_put(np). This is taken care of in the case where there is a goto out, but not when there is a direct return. The function irq_alloc_host puts np into the returned structure, which is stored in the global variable mpc8xx_pic_host, so the reference count should be set for the lifetime of that variable. The current solution ups the reference count again in the argument to irq_alloc_host so that it can be decremented on the way out. This seems a bit unnecessary, and also doesn't work in the case where irq_alloc_host fails, because then the reference count only goes does by one, whereas it should go down by two. A better solution is to not increment the reference count in the argument to irq_alloc_host and only decrement it on the way out in an error case. The problem was found using the following semantic match. (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ type T,T1,T2; identifier E; statement S; expression x1,x2,x3; int ret; @@ T E; ... * E = \(of_get_parent\|of_find_compatible_node\)(...); if (E == NULL) S ... when != of_node_put(...,(T1)E,...) when != if (E != NULL) { ... of_node_put(...,(T1)E,...); ...} when != x1 = (T1)E when != E = x3; when any if (...) { ... when != of_node_put(...,(T2)E,...) when != if (E != NULL) { ... of_node_put(...,(T2)E,...); ...} when != x2 = (T2)E ( * return; | * return ret; ) } // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Kumar Gala <galak@gate.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Paul Mackerras <paulus@samba.org> |
||
---|---|---|
.. | ||
boot | ||
configs | ||
kernel | ||
lib | ||
math-emu | ||
mm | ||
oprofile | ||
platforms | ||
sysdev | ||
xmon | ||
.gitignore | ||
Kconfig | ||
Kconfig.debug | ||
Makefile |