[PATCH v2 1/1] irqchip/renesas-irqc: fix generic IRQ chip leak on remove

[fffsqian]

Thanks for your careful review and correction.
Changes in v2:
- Corrected Fixes commit hash to 99c221df33fbfa1b, the commit that introduced nested generic chip allocation.
- Code remains unchanged; calling irq_domain_remove_generic_chips() unconditionally in the error path is safe per your feedback.

From: Qingshuang Fu <fuqingshuang@xxxxxxxxxx>
Date: Fri, 12 Jun 2026 14:02:37 +0800
Subject: [PATCH v2 1/1] irqchip/renesas-irqc: fix generic IRQ chip leak on
 remove

The driver allocates domain generic chips using
irq_alloc_domain_generic_chips() during probe. However, on driver
remove, the generic chips are not automatically freed when the IRQ
domain is removed because the domain flags do not include
IRQ_DOMAIN_FLAG_DESTROY_GC.

This causes both the domain generic chips structure and the associated
generic chips to be leaked. Additionally, the generic chips remain on
the global gc_list and may later be visited by generic IRQ chip suspend,
resume, or shutdown callbacks after the driver has been removed,
potentially resulting in a use-after-free and kernel crash.

Fix the resource leak by explicitly calling
irq_domain_remove_generic_chips() before removing the IRQ domain in
both irqc_remove() and the probe error path.

Fixes: 99c221df33fbfa1b ("irqchip/renesas-irqc: Move over to nested generic chip")
Signed-off-by: Qingshuang Fu <fuqingshuang@xxxxxxxxxx>
Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
---
 drivers/irqchip/irq-renesas-irqc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/irqchip/irq-renesas-irqc.c b/drivers/irqchip/irq-renesas-irqc.c
index a20a6471b0e4..a340d27dd8d7 100644
--- a/drivers/irqchip/irq-renesas-irqc.c
+++ b/drivers/irqchip/irq-renesas-irqc.c
@@ -211,6 +211,7 @@ static int irqc_probe(struct platform_device *pdev)
 	return 0;
 
 err_remove_domain:
+	irq_domain_remove_generic_chips(p->irq_domain);
 	irq_domain_remove(p->irq_domain);
 err_runtime_pm_disable:
 	pm_runtime_put(dev);
@@ -222,6 +223,7 @@ static void irqc_remove(struct platform_device *pdev)
 {
 	struct irqc_priv *p = platform_get_drvdata(pdev);
 
+	irq_domain_remove_generic_chips(p->irq_domain);
 	irq_domain_remove(p->irq_domain);
 	pm_runtime_put(&pdev->dev);
 	pm_runtime_disable(&pdev->dev);

base-commit: 2b414a95b8f7307d42173ba9e580d6d3e2bcbfce
-- 
2.25.1