Re: [PATCH] cpufreq: scmi: Fix of_node use-after-free in scmi_dev_used_by_cpus()

Next message: Guan-Yu Lin: "[PATCH v2 1/2] usb: offload: move device locking to callers in offload.c"
Previous message: Guan-Yu Lin: "[PATCH v2 0/2] usb: offload: Decouple interrupter lifecycle and refactor usage tracking"
Next in thread: Viresh Kumar: "Re: [PATCH] cpufreq: scmi: Fix of_node use-after-free in scmi_dev_used_by_cpus()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hans Zhang

Date: Sun Mar 08 2026 - 22:24:53 EST

On 3/3/26 12:20, Viresh Kumar wrote:

On 02-03-26, 23:53, Hans Zhang wrote:

In scmi_dev_used_by_cpus(), the code previously released the of_node
reference via of_node_put(np) before checking whether np equals scmi_np.
This could lead to a use-after-free if the node pointer was accessed
after being freed. Reorder the logic to perform the comparison first
and only put the node after the check, or immediately return if they
match. This ensures safe reference counting and avoids potential kernel
crashes.

It shouldn't lead to a use-after-free problem as we aren't using the `np` for
anything apart from simple comparison of value.

Hi Viresh,

Thank you very much for your reply. Then, do you think this patch is necessary? Or should I revise the commit message?

Best regards,
Hans