authorJan Kiszka <jan.kiszka@siemens.com>2018-04-26 13:00:30 +0200
committerRob Herring <robh@kernel.org>2018-04-26 21:18:13 -0500
commit83ef4777f5ff3689e6e52d3913a13d79aa25f1b5 (patch)
parentdtc: checks: drop warning for missing PCI bridge bus-range (diff)
of: overlay: Stop leaking resources on overlay removal
Only the overlay notifier callbacks have a chance to potentially get hold of references to those two resources, but they are not supposed to store them beyond OF_OVERLAY_POST_REMOVE. Document the overlay notifier API, its constraint regarding pointer lifetime, and then remove intentional leaks of ovcs->overlay_tree and ovcs->fdt from free_overlay_changeset. See also https://lkml.org/lkml/2018/4/23/1063 and following. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Frank Rowand <frowand.list@gmail.com> Signed-off-by: Rob Herring <robh@kernel.org>
diff --git a/Documentation/devicetree/overlay-notes.txt b/Documentation/devicetree/overlay-notes.txt
@@ -98,6 +98,14 @@ Finally, if you need to remove all overlays in one-go, just call
of_overlay_remove_all() which will remove every single one in the correct
+In addition, there is the option to register notifiers that get called on
+overlay operations. See of_overlay_notifier_register/unregister and
+enum of_overlay_notify_action for details.
+Note that a notifier callback is not supposed to store pointers to a device
+tree node or its content beyond OF_OVERLAY_POST_REMOVE corresponding to the
+respective node it received.
Overlay DTS Format
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
static BLOCKING_NOTIFIER_HEAD(overlay_notify_chain);
+ * of_overlay_notifier_register() - Register notifier for overlay operations
+ * @nb: Notifier block to register
+ *
+ * Register for notification on overlay operations on device tree nodes. The
+ * reported actions definied by @of_reconfig_change. The notifier callback
+ * furthermore receives a pointer to the affected device tree node.
+ *
+ * Note that a notifier callback is not supposed to store pointers to a device
+ * tree node or its content beyond @OF_OVERLAY_POST_REMOVE corresponding to the
+ * respective node it received.
+ */
int of_overlay_notifier_register(struct notifier_block *nb)
return blocking_notifier_chain_register(&overlay_notify_chain, nb);
+ * of_overlay_notifier_register() - Unregister notifier for overlay operations
+ * @nb: Notifier block to unregister
+ */
int of_overlay_notifier_unregister(struct notifier_block *nb)
return blocking_notifier_chain_unregister(&overlay_notify_chain, nb);
@@ -671,17 +687,13 @@ static void free_overlay_changeset(struct overlay_changeset *ovcs)
- * TODO
- *
- * would like to: kfree(ovcs->overlay_tree);
- * but can not since drivers may have pointers into this data
- *
- * would like to: kfree(ovcs->fdt);
- * but can not since drivers may have pointers into this data
+ * There should be no live pointers into ovcs->overlay_tree and
+ * ovcs->fdt due to the policy that overlay notifiers are not allowed
+ * to retain pointers into the overlay devicetree.
+ kfree(ovcs->overlay_tree);
+ kfree(ovcs->fdt);