Re: [PATCH] of: unittest: fix use-after-free in of_unittest_changeset()

Next message: Kartik Rajput: "[PATCH v3] soc/tegra: pmc: Add PMC support for Tegra410"
Previous message: Rob Herring (Arm): "Re: [PATCH] of: unittest: fix use-after-free in testdrv_probe()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Rob Herring (Arm)

Date: Thu Apr 16 2026 - 07:51:48 EST

On Thu, 09 Apr 2026 02:22:33 +0000, Wentao Liang wrote:
> The variable 'parent' is assigned the value of 'nchangeset' earlier in the
> function, meaning both point to the same struct device_node. The call to
> of_node_put(nchangeset) can decrement the reference count to zero and
> free the node if there are no other holders. After that, the code still
> uses 'parent' to check for the presence of a property and to read a
> string property, leading to a use-after-free.
>
> Fix this by moving the of_node_put() call after the last access to
> 'parent', avoiding the UAF.
>
> Fixes: 1c668ea65506 ("of: unittest: Use of_property_present()")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Wentao Liang <vulab@xxxxxxxxxxx>
> ---
> drivers/of/unittest.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>

Applied, thanks!