[bug report] mtd: rawnand: Add Loongson-1 NAND Controller Driver
Keguang Zhang
keguang.zhang at gmail.com
Tue May 6 19:19:18 PDT 2025
On Sat, May 3, 2025 at 12:04 AM Laurent Pinchart
<laurent.pinchart at ideasonboard.com> wrote:
>
> On Fri, May 02, 2025 at 10:53:03AM +0300, Dan Carpenter wrote:
> > Hello Keguang Zhang,
> >
> > Commit d2d10ede04b1 ("mtd: rawnand: Add Loongson-1 NAND Controller
> > Driver") from Mar 20, 2025 (linux-next), leads to the following
> > Smatch static checker warning:
> >
> > drivers/mtd/nand/raw/loongson1-nand-controller.c:730 ls1x_nand_chip_init()
> > warn: inconsistent refcounting 'chip_np->kobj.kref.refcount.refs.counter':
> >
> > drivers/mtd/nand/raw/loongson1-nand-controller.c
> > 690 static int ls1x_nand_chip_init(struct ls1x_nand_host *host)
> > 691 {
> > 692 struct device *dev = host->dev;
> > 693 int nchips = of_get_child_count(dev->of_node);
> > 694 struct device_node *chip_np;
> > 695 struct nand_chip *chip = &host->chip;
> > 696 struct mtd_info *mtd = nand_to_mtd(chip);
> > 697 int ret;
> > 698
> > 699 if (nchips != 1)
> > 700 return dev_err_probe(dev, -EINVAL, "Currently one NAND chip supported\n");
> > 701
> > 702 chip_np = of_get_next_child(dev->of_node, NULL);
> >
> >
> > The of_get_next_child() function drops the reference on the current
> > child. That's probably not what we want to happen. This is similar to
> > a discussion we were having earlier about of_find_node_by_name().
>
> The current child here is NULL, so I don't think there's an issue.
>
> > Then it takes a reference to the new child.
>
> *That* causes issues that you outlined below.
>
> >
> > 703 if (!chip_np)
> > 704 return dev_err_probe(dev, -ENODEV, "failed to get child node for NAND chip\n");
> > 705
> > 706 chip->controller = &host->controller;
> > 707 chip->options = NAND_NO_SUBPAGE_WRITE | NAND_USES_DMA | NAND_BROKEN_XD;
> > 708 chip->buf_align = 16;
> > 709 nand_set_controller_data(chip, host);
> > 710 nand_set_flash_node(chip, chip_np);
of_node_put(chip_np);
By adding the line above, all other of_node_put(chip_np) calls can be removed.
Thanks for reviewing!
> > 711 if (!mtd->name)
> > 712 return dev_err_probe(dev, -EINVAL, "Missing MTD label\n");
> >
> > of_node_put(chip_np) before returning.
> >
> > 713
> > 714 mtd->dev.parent = dev;
> > 715 mtd->owner = THIS_MODULE;
> > 716
> > 717 ret = nand_scan(chip, 1);
> > 718 if (ret) {
> > 719 of_node_put(chip_np);
> > 720 return dev_err_probe(dev, ret, "failed to scan NAND chip\n");
> > 721 }
> > 722
> > 723 ret = mtd_device_register(mtd, NULL, 0);
> > 724 if (ret) {
> > 725 nand_cleanup(chip);
> > 726 of_node_put(chip_np);
> > 727 return dev_err_probe(dev, ret, "failed to register MTD device\n");
> > 728 }
> > 729
> >
> > I think we want to call of_node_put(chip_np) before returning on the
> > success path as well?
>
> I would instead declare the chip_np variable as
>
> struct device_node *chip_np __free(of_node_put) = NULL;
>
> and drop all the of_node_put(chip_np) calls.
>
> > --> 730 return 0;
> > 731 }
>
> --
> Regards,
>
> Laurent Pinchart
--
Best regards,
Keguang Zhang
More information about the linux-mtd
mailing list