[PATCH 3/8] of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
From: Zijun Hu
Date: Mon Dec 09 2024 - 08:32:28 EST
From: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
of_irq_parse_raw() will return when meet condition (@ipar == @newpar)
but Refcount of device node @out_irq->np was increased twice when
directly return there, hence causes @out_irq->np refcount leakage.
Fix by putting @out_irq->np refcount before returning there.
Fixes: 041284181226 ("of/irq: Allow matching of an interrupt-map local to an interrupt controller")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
---
drivers/of/irq.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/of/irq.c b/drivers/of/irq.c
index 758eb9b3714868112e83469d131b244ce77d4e82..cb39624a5e7799b9d2f4525f42dac4cd921ab403 100644
--- a/drivers/of/irq.c
+++ b/drivers/of/irq.c
@@ -310,6 +310,12 @@ int of_irq_parse_raw(const __be32 *addr, struct of_phandle_args *out_irq)
addrsize = (imap - match_array) - intsize;
if (ipar == newpar) {
+ /*
+ * Has got @ipar's refcount, but the refcount was
+ * got again by of_irq_parse_imap_parent() via its
+ * alias @newpair.
+ */
+ of_node_put(ipar);
pr_debug("%pOF interrupt-map entry to self\n", ipar);
return 0;
}
--
2.34.1