[PATCH v10 06/11] nvmem: qcom-spmi-sdam: Migrate to devm_spmi_subdevice_alloc_and_add()
sashiko-bot at kernel.org
sashiko-bot at kernel.org
Tue Jul 7 01:50:21 PDT 2026
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
New issues:
- [High] The reference to the parent SPMI device acquired via `spmi_find_device_by_of_node()` is leaked on both success and error paths.
- [Low] Returning a pointer (`ERR_PTR`) from an integer-returning function causes a type mismatch and build warning.
Pre-existing issues:
- [High] The upper half of the SDAM memory cannot be accessed via the nvmem API due to a bound restriction mismatch.
--
--- Patch [6]: [PATCH v10 06/11] nvmem: qcom-spmi-sdam: Migrate to devm_spmi_subdevice_alloc_and_add() ---
commit 8fe2831bc2e512389dd631ef16ab000bbe8f6706
Author: AngeloGioacchino Del Regno <angelogioacchino.delregno at collabora.com>
nvmem: qcom-spmi-sdam: Migrate to devm_spmi_subdevice_alloc_and_add()
Some Qualcomm PMICs integrate a SDAM device, internally located in
a specific address range reachable through SPMI communication.
Instead of using the parent SPMI device (the main PMIC) as a kind
of syscon in this driver, register a new SPMI sub-device for SDAM
and initialize its own regmap with this sub-device's specific base
address, retrieved from the devicetree.
> diff --git a/drivers/nvmem/qcom-spmi-sdam.c b/drivers/nvmem/qcom-spmi-sdam.c
> index 4f1cca6eab71e..3ad842676dde5 100644
> --- a/drivers/nvmem/qcom-spmi-sdam.c
> +++ b/drivers/nvmem/qcom-spmi-sdam.c
[ ... ]
> @@ -110,28 +110,47 @@ static int sdam_write(void *priv, unsigned int offset, void *val,
>
> static int sdam_probe(struct platform_device *pdev)
> {
> + struct regmap_config sdam_regmap_config = {
> + .reg_bits = 16,
> + .val_bits = 8,
> + .max_register = 0xff,
> + .fast_io = true,
> + };
> struct sdam_chip *sdam;
> struct nvmem_device *nvmem;
> + struct spmi_device *sparent;
> + struct spmi_subdevice *sub_sdev;
> + struct device *dev = &pdev->dev;
> unsigned int val;
> int rc;
>
> + if (!dev->parent)
> + return -ENODEV;
> +
> sdam = devm_kzalloc(&pdev->dev, sizeof(*sdam), GFP_KERNEL);
> if (!sdam)
> return -ENOMEM;
>
> - sdam->regmap = dev_get_regmap(pdev->dev.parent, NULL);
> - if (!sdam->regmap) {
> - dev_err(&pdev->dev, "Failed to get regmap handle\n");
> - return -ENXIO;
> - }
> + sparent = spmi_find_device_by_of_node(dev->parent->of_node);
> + if (!sparent)
> + return ERR_PTR(-ENODEV);
[Severity: Low]
Does returning ERR_PTR(-ENODEV) here cause a compiler warning?
Since sdam_probe() returns an int, this implicitly casts a pointer to an
integer. This triggers a -Wint-conversion warning, which results in a build
failure on modern compiler configurations using -Werror=int-conversion.
[Severity: High]
Does this code leak the sparent device reference?
spmi_find_device_by_of_node() internally invokes bus_find_device_by_of_node(),
which returns a device with an incremented reference count via get_device().
I don't see a corresponding put_device(&sparent->dev) on the success or
error paths before returning from sdam_probe(). Because
devm_spmi_subdevice_alloc_and_add() registers the device but does not assume
ownership of this specific reference, the parent PMIC device object appears
to be permanently leaked on every probe.
> +
> + sub_sdev = devm_spmi_subdevice_alloc_and_add(dev, sparent);
> + if (IS_ERR(sub_sdev))
> + return PTR_ERR(sub_sdev);
[ ... ]
> @@ -159,7 +178,7 @@ static int sdam_probe(struct platform_device *pdev)
> }
> dev_dbg(&pdev->dev,
> "SDAM base=%#x size=%u registered successfully\n",
> - sdam->base, sdam->size);
> + sdam_regmap_config.reg_base, sdam->size);
[Severity: High]
This is a pre-existing issue, but does setting the nvmem framework size limit
to sdam->size earlier in this function restrict the maximum readable offsets
incorrectly?
The driver maps physical memory starting at SDAM_MEM_START (0x40), and
sdam_is_valid() mandates that the input offset must be >= 0x40.
However, configuring sdam->sdam_config.size = sdam->size forces nvmem
consumers to pass an offset strictly less than sdam->size. This permits
access to only a fraction of the intended size, completely blocking access
to the upper portion of the SDAM memory block which are valid physical
SDAM registers approved by sdam_is_valid().
>
> return 0;
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260707083730.33977-1-angelogioacchino.delregno@collabora.com?part=6
More information about the linux-phy
mailing list