of/irq: Fix device node refcount leakage in API of_irq_parse_raw()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

if the node @out_irq->np got by of_irq_parse_raw() is a combo node which
consists of both controller and nexus, namely, of_irq_parse_raw() returns
due to condition (@ipar == @newpar), then the node's refcount was increased
twice, hence causes refcount leakage.

Fix by putting @out_irq->np refcount before returning due to the condition.
Also add comments about refcount of node @out_irq->np got by the API.

Fixes: 041284181226 ("of/irq: Allow matching of an interrupt-map local to an interrupt controller")
Cc: stable@vger.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20250209-of_irq_fix-v2-4-93e3a2659aa7@quicinc.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>

authored by

Zijun Hu and committed by

Rob Herring (Arm) 1 year ago ff93e721 f8647991

1 changed file

expand all

drivers

irq.c

drivers/of/irq.c

··· 166 166 * the specifier for each map, and then returns the translated map. 167 167 * 168 168 * Return: 0 on success and a negative number on error 169 + * 170 + * Note: refcount of node @out_irq->np is increased by 1 on success. 169 171 */ 170 172 int of_irq_parse_raw(const __be32 *addr, struct of_phandle_args *out_irq) 171 173 { ··· 313 311 addrsize = (imap - match_array) - intsize; 314 312 315 313 if (ipar == newpar) { 314 + /* 315 + * We got @ipar's refcount, but the refcount was 316 + * gotten again by of_irq_parse_imap_parent() via its 317 + * alias @newpar. 318 + */ 319 + of_node_put(ipar); 316 320 pr_debug("%pOF interrupt-map entry to self\n", ipar); 317 321 return 0; 318 322 }

Configure Feed

Configure Feed