[PATCH 02/12] software node: Increment parent node's ref count

From: Heikki Krogerus
Date: Fri Mar 15 2019 - 12:59:13 EST


If the parent node is removed before its children, release()
may be called first for the parent instead of the last child
when the child's ref count reaches zero. Since the nodes
release their parent's resources in the release callback,
that would cause NULL pointer dereference to happen. To
prevent that from ever happening, incrementing the parent
node's reference count when creating a new child node and
decrementing it when the child node is "released".

Signed-off-by: Heikki Krogerus <heikki.krogerus@xxxxxxxxxxxxxxx>
---
drivers/base/swnode.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/base/swnode.c b/drivers/base/swnode.c
index 3a50a8edd3d3..8d4485d8d0f8 100644
--- a/drivers/base/swnode.c
+++ b/drivers/base/swnode.c
@@ -560,6 +560,7 @@ static void software_node_release(struct kobject *kobj)
if (swnode->parent) {
ida_simple_remove(&swnode->parent->child_ids, swnode->id);
list_del(&swnode->entry);
+ kobject_put(&swnode->parent->kobj);
} else {
ida_simple_remove(&swnode_root_ids, swnode->id);
}
@@ -610,8 +611,10 @@ fwnode_create_software_node(const struct property_entry *properties,
INIT_LIST_HEAD(&swnode->children);
swnode->parent = p;

- if (p)
+ if (p) {
+ kobject_get(&p->kobj);
list_add_tail(&swnode->entry, &p->children);
+ }

ret = kobject_init_and_add(&swnode->kobj, &software_node_type,
p ? &p->kobj : NULL, "node%d", swnode->id);
--
2.20.1