Commit 5cb9606a authored by Bartosz Golaszewski's avatar Bartosz Golaszewski
Browse files

gpio: sim: fix an invalid __free() usage 



gpio_sim_make_line_names() returns NULL or ERR_PTR() so we must not use
__free(kfree) on the returned address. Split this function into two, one
that determines the size of the "gpio-line-names" array to allocate and
one that actually sets the names at correct offsets. The allocation and
assignment of the managed pointer happens in between.

Fixes: 3faf89f2 ("gpio: sim: simplify code with cleanup helpers")
Reported-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Closes: https://lore.kernel.org/all/07c32bf1-6c1a-49d9-b97d-f0ae4a2b42ab@p183/


Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarBartosz Golaszewski <bartosz.golaszewski@linaro.org>
parent b547b5e5

drivers/gpio/gpio-sim.c

+23 −37
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ 
#include <linux/irq.h>

#include <linux/irq_sim.h>

#include <linux/list.h>

#include <linux/minmax.h>

#include <linux/mod_devicetable.h>

#include <linux/module.h>

#include <linux/mutex.h>
@@ -685,52 +686,32 @@ gpio_sim_device_config_live_show(struct config_item *item, char *page) 
	return sprintf(page, "%c\n", live ? '1' : '0');

}



static char **gpio_sim_make_line_names(struct gpio_sim_bank *bank,

				       unsigned int *line_names_size)

static unsigned int gpio_sim_get_line_names_size(struct gpio_sim_bank *bank)

{

	unsigned int max_offset = 0;

	bool has_line_names = false;

	struct gpio_sim_line *line;

	char **line_names;

	unsigned int size = 0;



	list_for_each_entry(line, &bank->line_list, siblings) {

		if (line->offset >= bank->num_lines)

		if (!line->name || (line->offset >= bank->num_lines))

			continue;



		if (line->name) {

			if (line->offset > max_offset)

				max_offset = line->offset;



			/*

			 * max_offset can stay at 0 so it's not an indicator

			 * of whether line names were configured at all.

			 */

			has_line_names = true;

		}

		size = max(size, line->offset + 1);

	}



	if (!has_line_names)

		/*

		 * This is not an error - NULL means, there are no line

		 * names configured.

		 */

		return NULL;



	*line_names_size = max_offset + 1;

	return size;

}



	line_names = kcalloc(*line_names_size, sizeof(*line_names), GFP_KERNEL);

	if (!line_names)

		return ERR_PTR(-ENOMEM);

static void

gpio_sim_set_line_names(struct gpio_sim_bank *bank, char **line_names)

{

	struct gpio_sim_line *line;



	list_for_each_entry(line, &bank->line_list, siblings) {

		if (line->offset >= bank->num_lines)

		if (!line->name || (line->offset >= bank->num_lines))

			continue;



		if (line->name && (line->offset <= max_offset))

		line_names[line->offset] = line->name;

	}



	return line_names;

}



static void gpio_sim_remove_hogs(struct gpio_sim_device *dev)
@@ -834,7 +815,7 @@ gpio_sim_make_bank_swnode(struct gpio_sim_bank *bank, 
			  struct fwnode_handle *parent)

{

	struct property_entry properties[GPIO_SIM_PROP_MAX];

	unsigned int prop_idx = 0, line_names_size = 0;

	unsigned int prop_idx = 0, line_names_size;

	char **line_names __free(kfree) = NULL;



	memset(properties, 0, sizeof(properties));
@@ -845,14 +826,19 @@ gpio_sim_make_bank_swnode(struct gpio_sim_bank *bank, 
		properties[prop_idx++] = PROPERTY_ENTRY_STRING("gpio-sim,label",

							       bank->label);



	line_names = gpio_sim_make_line_names(bank, &line_names_size);

	if (IS_ERR(line_names))

		return ERR_CAST(line_names);

	line_names_size = gpio_sim_get_line_names_size(bank);

	if (line_names_size) {

		line_names = kcalloc(line_names_size, sizeof(*line_names),

				     GFP_KERNEL);

		if (!line_names)

			return ERR_PTR(-ENOMEM);



		gpio_sim_set_line_names(bank, line_names);



	if (line_names)

		properties[prop_idx++] = PROPERTY_ENTRY_STRING_ARRAY_LEN(

						"gpio-line-names",

						line_names, line_names_size);

	}



	return fwnode_create_software_node(properties, parent);

}