[PATCH 1/2] of: of_node_get()/of_node_put() nodes held in phandle cache

Rob Herring robh+dt at kernel.org
Sat Dec 15 04:15:36 AEDT 2018


On Fri, Dec 14, 2018 at 12:43 AM <frowand.list at gmail.com> wrote:
>
> From: Frank Rowand <frank.rowand at sony.com>
>
> The phandle cache contains struct device_node pointers.  The refcount
> of the pointers was not incremented while in the cache, allowing a
> use-after-free error after kfree() of the node.  Add the proper increment
> and decrement of the use count.

Since we pre-populate the cache at boot, all the nodes will have a ref
count and will never be freed unless we happen to repopulate the whole
cache. That doesn't seem ideal. The node pointer is not "in use" just
because it is in the cache.

Rob
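
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not kernel code: a user-space C model in which the cache takes its own reference on each entry. All names (`struct node`, `node_get`, `node_put`, `cache_*`) are hypothetical stand-ins. It shows that the cached pointer stays valid after the owner drops its reference, and that the node is released only when the cache entry itself is dropped.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy user-space model. struct node, node_get/node_put and the cache_*
 * helpers are hypothetical stand-ins, not the kernel's device tree API. */
struct node { unsigned phandle; int refcount; };
static int freed_count;                 /* nodes actually released so far */

static struct node *node_new(unsigned ph) {
    struct node *n = malloc(sizeof(*n));
    if (!n) abort();
    n->phandle = ph;
    n->refcount = 1;                    /* the creator's reference */
    return n;
}
static struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
static void node_put(struct node *n) {
    if (n && --n->refcount == 0) { freed_count++; free(n); }
}

#define CACHE_SLOTS 4
static struct node *cache[CACHE_SLOTS];

/* The cache takes its own reference, so a cached pointer cannot dangle. */
static void cache_insert(struct node *n) {
    struct node **slot = &cache[n->phandle % CACHE_SLOTS];
    node_get(n);                        /* get before put: n may already be cached */
    node_put(*slot);                    /* drop the reference on the evicted entry */
    *slot = n;
}
/* A hit returns a new reference that the caller must node_put(). */
static struct node *cache_lookup(unsigned ph) {
    struct node *n = cache[ph % CACHE_SLOTS];
    return (n && n->phandle == ph) ? node_get(n) : NULL;
}
static void cache_flush(void) {
    for (int i = 0; i < CACHE_SLOTS; i++) { node_put(cache[i]); cache[i] = NULL; }
}

int main(void) {
    struct node *n = node_new(7);
    cache_insert(n);
    node_put(n);                        /* owner is done with the node */
    printf("freed after owner put: %d\n", freed_count);  /* still pinned by the cache */
    cache_flush();
    printf("freed after flush:     %d\n", freed_count);
    return 0;
}
```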

