[PATCH v2] sbus/char: Fix refcount leak bugs in openprom.c

From: Liang He
Date: Mon Jun 20 2022 - 11:32:27 EST


In opiocgetnext(), we need an of_node_put() to keep the refcount balanced.

NOTE: we should not change 'dp', as it will be used as the argument of
of_node_put().

Signed-off-by: Liang He <windhl@xxxxxxx>
---
changelog:

v2: (1) consider of_find_node_by_path() and of_find_node_by_phandle()
v1: this is a wrong patch as dp has been updated by its sibling or
child.


drivers/sbus/char/openprom.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c
index 30b9751aad30..b5907e0c24e5 100644
--- a/drivers/sbus/char/openprom.c
+++ b/drivers/sbus/char/openprom.c
@@ -494,7 +494,7 @@ static int opiocset(void __user *argp, DATA *data)

static int opiocgetnext(unsigned int cmd, void __user *argp)
{
- struct device_node *dp;
+ struct device_node *dp, *tp;
phandle nd;

BUILD_BUG_ON(sizeof(phandle) != sizeof(int));
@@ -506,18 +506,24 @@ static int opiocgetnext(unsigned int cmd, void __user *argp)
if (cmd != OPIOCGETNEXT)
return -EINVAL;
dp = of_find_node_by_path("/");
+ if (dp)
+ nd = dp->phandle;
} else {
dp = of_find_node_by_phandle(nd);
nd = 0;
if (dp) {
if (cmd == OPIOCGETNEXT)
- dp = dp->sibling;
+ tp = dp->sibling;
else
- dp = dp->child;
+ tp = dp->child;
}
+
+ if (tp)
+ nd = tp->phandle;
}
- if (dp)
- nd = dp->phandle;
+
+ of_node_put(dp);
+
if (copy_to_user(argp, &nd, sizeof(phandle)))
return -EFAULT;
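Review bot: `tp` is read uninitialised when `of_find_node_by_phandle(nd)` returns NULL: the first hunk declares it without an initialiser (`struct device_node *dp, *tp;`) and it is assigned only inside `if (dp) { ... }`, yet the added `if (tp)` sits outside that block. For a phandle that matches no node, the test branches on stack garbage and may dereference it through `tp->phandle`; since `nd` appears to be supplied by the caller through `argp`, this path looks reachable from userspace. Either declare `struct device_node *dp, *tp = NULL;` or move `if (tp) nd = tp->phandle;` inside the `if (dp)` block. opiocgetnext() starts and ends outside this hunk, so the earlier handling of `nd` should be confirmed against the full function.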

--
2.25.1