Re: [PATCH] fix: firewire: report_lost_node: unconditional fw_node_put after conditional fw_node_event causes excess put
From: Takashi Sakamoto
Date: Sat Jun 27 2026 - 09:47:06 EST

Hi,

Thanks for the patch.

On Fri, Jun 26, 2026 at 08:37:43PM +0800, WenTao Liang wrote:
> report_lost_node unconditionally calls fw_node_put after fw_node_event,
> but fw_node_event does not unconditionally acquire a reference. Since
> for_each_fw_node already holds a reference on the node during traversal,
> the extra fw_node_put over-decrements the refcount. The sibling callback
> report_found_node does not call fw_node_put, confirming the extra put is
> erroneous.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 3038e353cfaf ("firewire: Add core firewire stack.")
> Signed-off-by: WenTao Liang <vulab@xxxxxxxxxxx>
> ---
> drivers/firewire/core-topology.c | 1 -
> 1 file changed, 1 deletion(-)
As you note, in for_each_fw_node(), the reference count is incremented
for safe traversing over the topology tree once, and it is decremented
surely at the end. So the decrement of the reference count in report_lost_node()
is for a different purpose.
> diff --git a/drivers/firewire/core-topology.c b/drivers/firewire/core-topology.c
> index bb2d2db30795..49820e4a34ff 100644
> --- a/drivers/firewire/core-topology.c
> +++ b/drivers/firewire/core-topology.c
> @@ -298,7 +298,6 @@ static void report_lost_node(struct fw_card *card,
> struct fw_node *node, struct fw_node *parent)
> {
> fw_node_event(card, node, FW_NODE_DESTROYED);
> - fw_node_put(node);
It corresponds to the initial increment of the reference count when creating
the node instance. It is part of the node removal process in the tree,
and is required just at that line.
> /* Topology has changed - reset bus manager retry counter */
> card->bm_retries = 0;
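Review bot: the deletion of fw_node_put(node) directly after fw_node_event(card, node, FW_NODE_DESTROYED) is not supported by the changelog, which only rules out the traversal reference held by for_each_fw_node and never identifies which get this put was meant to balance. The reply in this thread states that it releases the reference taken when the node instance was created; if so, removing it leaves that reference unreleased on the node-removal path. Suggest dropping the deletion and, if the pairing is what caused the confusion, adding a one-line comment above fw_node_put(node) naming the creation-time reference it drops. A refcount underflow report or trace would be needed to justify the Fixes: and stable tags.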
> --
> 2.39.5 (Apple Git-154)
Thanks
Takashi Sakamoto
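
The reference accounting described in the reply above, as an added toy model (not kernel code and not part of the original thread). All `toy_*` and `lost_*` names are hypothetical, and the model assumes a node starts with one reference at creation and that traversal takes and drops its own reference around the callback, as the reply states.

```c
/* Toy model of the refcount pairing discussed in this thread.
 * Hypothetical names; this is not the firewire core implementation. */
#include <stdio.h>

struct toy_node { int refs; int released; };

static void toy_get(struct toy_node *n) { n->refs++; }

static void toy_put(struct toy_node *n)
{
    if (--n->refs == 0)
        n->released = 1;        /* stands in for the release callback */
}

/* Callback as it stands today: drops the creation-time reference. */
static void lost_with_put(struct toy_node *n) { toy_put(n); }

/* Callback as the proposed patch would leave it: no put. */
static void lost_without_put(struct toy_node *n) { (void)n; }

/* Traversal holds its own reference while the callback runs and drops
 * it at the end, so a put inside the callback cannot free the node
 * while it is still being visited. */
static void toy_traverse(struct toy_node *n, void (*cb)(struct toy_node *))
{
    toy_get(n);
    cb(n);
    toy_put(n);
}

/* Create a node, report it lost, return the refcount that remains. */
static int refs_after_removal(void (*cb)(struct toy_node *), int *released)
{
    struct toy_node n = { .refs = 1, .released = 0 };  /* creation ref */
    toy_traverse(&n, cb);
    *released = n.released;
    return n.refs;
}

int main(void)
{
    int rel;
    int refs = refs_after_removal(lost_with_put, &rel);
    printf("with put:    refs=%d released=%d\n", refs, rel);
    refs = refs_after_removal(lost_without_put, &rel);
    printf("without put: refs=%d released=%d\n", refs, rel);
    return 0;
}
```

In this model the node is released only when the callback performs the put; without it, one reference remains after removal and the node is never released.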