[PATCH 0/1] software node: Use-after-free fix in drivers/base/swnode.c

Next message: Frank Li: "Re: [PATCH v5 2/3] arm64: dts: freescale: Add support for Variscite DART-MX95"
Previous message: mike . isely: "[PATCH 1/1] sofware node: Only the managing device can unreference managed software node"
Next in thread: mike . isely: "[PATCH 1/1] sofware node: Only the managing device can unreference managed software node"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: mike . isely

Date: Tue Feb 24 2026 - 14:25:13 EST

From: Mike Isely <mike.isely@xxxxxxxxxxxxxxxxx>

Correct issue in drivers/base/swnode.c that can lead to use-after-free
due to kobject reference counting error, which itself is due to
incorrect behavior with the "managed" struct swnode flag in
circumstances involving child struct device instances where the parent
struct device is managing a struct swnode.

Use-after-free in this case led to an Oops and a subsequent kernel
memory leak, but realistically it's kernel heap corruption, so any
manner of chaos can result, if left unaddressed.

This was detected in kernel 6.12, verified also in kernel 6.6. Visual
inspection in 6.19.3 source (the latest as of right now) shows the
same issue. The nearly trivial fix was verified in 6.12. While this
patches against 6.19.3, IMHO this is a candidate for all LTS kernels.

Mike Isely (1):
sofware node: Only the managing device can unreference managed
software node

drivers/base/swnode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

--
2.47.3