tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
gpio: sim: fix an invalid __free() usage
gpio_sim_make_line_names() returns NULL or ERR_PTR() so we must not use
__free(kfree) on the returned address. Split this function into two, one
that determines the size of the "gpio-line-names" array to allocate and
one that actually sets the names at correct offsets. The allocation and
assignment of the managed pointer happens in between.
Fixes: 3faf89f27aab ("gpio: sim: simplify code with cleanup helpers")
Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Closes: https://lore.kernel.org/all/07c32bf1-6c1a-49d9-b97d-f0ae4a2b42ab@p183/
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
+23
-37
+23
-37
drivers/gpio/gpio-sim.c
+23
-37
drivers/gpio/gpio-sim.c
···
19
19
#include <linux/irq.h>
20
20
#include <linux/irq_sim.h>
21
21
#include <linux/list.h>
22
+
#include <linux/minmax.h>
22
23
#include <linux/mod_devicetable.h>
23
24
#include <linux/module.h>
24
25
#include <linux/mutex.h>
···
686
685
return sprintf(page, "%c\n", live ? '1' : '0');
687
686
}
688
687
689
-
static char **gpio_sim_make_line_names(struct gpio_sim_bank *bank,
690
-
unsigned int *line_names_size)
688
+
static unsigned int gpio_sim_get_line_names_size(struct gpio_sim_bank *bank)
691
689
{
692
-
unsigned int max_offset = 0;
693
-
bool has_line_names = false;
694
690
struct gpio_sim_line *line;
695
-
char **line_names;
691
+
unsigned int size = 0;
696
692
697
693
list_for_each_entry(line, &bank->line_list, siblings) {
698
-
if (line->offset >= bank->num_lines)
694
+
if (!line->name || (line->offset >= bank->num_lines))
699
695
continue;
700
696
701
-
if (line->name) {
702
-
if (line->offset > max_offset)
703
-
max_offset = line->offset;
704
-
705
-
/*
706
-
* max_offset can stay at 0 so it's not an indicator
707
-
* of whether line names were configured at all.
708
-
*/
709
-
has_line_names = true;
710
-
}
697
+
size = max(size, line->offset + 1);
711
698
}
712
699
713
-
if (!has_line_names)
714
-
/*
715
-
* This is not an error - NULL means, there are no line
716
-
* names configured.
717
-
*/
718
-
return NULL;
700
+
return size;
701
+
}
719
702
720
-
*line_names_size = max_offset + 1;
721
-
722
-
line_names = kcalloc(*line_names_size, sizeof(*line_names), GFP_KERNEL);
723
-
if (!line_names)
724
-
return ERR_PTR(-ENOMEM);
703
+
static void
704
+
gpio_sim_set_line_names(struct gpio_sim_bank *bank, char **line_names)
705
+
{
706
+
struct gpio_sim_line *line;
725
707
726
708
list_for_each_entry(line, &bank->line_list, siblings) {
727
-
if (line->offset >= bank->num_lines)
709
+
if (!line->name || (line->offset >= bank->num_lines))
728
710
continue;
729
711
730
-
if (line->name && (line->offset <= max_offset))
731
-
line_names[line->offset] = line->name;
712
+
line_names[line->offset] = line->name;
732
713
}
733
-
734
-
return line_names;
735
714
}
736
715
737
716
static void gpio_sim_remove_hogs(struct gpio_sim_device *dev)
···
815
834
struct fwnode_handle *parent)
816
835
{
817
836
struct property_entry properties[GPIO_SIM_PROP_MAX];
818
-
unsigned int prop_idx = 0, line_names_size = 0;
837
+
unsigned int prop_idx = 0, line_names_size;
819
838
char **line_names __free(kfree) = NULL;
820
839
821
840
memset(properties, 0, sizeof(properties));
···
826
845
properties[prop_idx++] = PROPERTY_ENTRY_STRING("gpio-sim,label",
827
846
bank->label);
828
847
829
-
line_names = gpio_sim_make_line_names(bank, &line_names_size);
830
-
if (IS_ERR(line_names))
831
-
return ERR_CAST(line_names);
848
+
line_names_size = gpio_sim_get_line_names_size(bank);
849
+
if (line_names_size) {
850
+
line_names = kcalloc(line_names_size, sizeof(*line_names),
851
+
GFP_KERNEL);
852
+
if (!line_names)
853
+
return ERR_PTR(-ENOMEM);
832
854
833
-
if (line_names)
855
+
gpio_sim_set_line_names(bank, line_names);
856
+
834
857
properties[prop_idx++] = PROPERTY_ENTRY_STRING_ARRAY_LEN(
835
858
"gpio-line-names",
836
859
line_names, line_names_size);
860
+
}
837
861
838
862
return fwnode_create_software_node(properties, parent);
839
863
}