[PATCH v7] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f6 ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- v7: adapt to commit ("cpufreq: Make cpufreq_generic_init() return void") v6: keep the blank line and fix warning: label 'out_unmap_sdcpwr' defined but not used. v5: put together the code to get, use, and release cpu device_node. v4: restore the blank line. v3: fix a leaked reference. v2: clean up the code according to the advice of viresh. drivers/cpufreq/pasemi-cpufreq.c | 23 +-- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 93f39a1..c66f566 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -131,10 +131,18 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) int err = -ENODEV; cpu = of_get_cpu_node(policy->cpu, NULL); + if (!cpu) + goto out; + max_freqp = of_get_property(cpu, "clock-frequency", NULL); of_node_put(cpu); - if (!cpu) + if (!max_freqp) { + err = -EINVAL; goto out; + } + + /* we need the freq in kHz */ + max_freq = *max_freqp / 1000; dn = of_find_compatible_node(NULL, NULL, "1682m-sdc"); if (!dn) @@ -171,16 +179,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) } pr_debug("init cpufreq on CPU %d\n", policy->cpu); - - max_freqp = of_get_property(cpu, "clock-frequency", NULL); - if (!max_freqp) { - err = -EINVAL; - goto out_unmap_sdcpwr; - } - - /* we need the freq in kHz */ - max_freq = *max_freqp / 1000; - pr_debug("max clock-frequency is at %u kHz\n", max_freq); pr_debug("initializing frequency table\n"); @@ -199,9 +197,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency()); return 0; -out_unmap_sdcpwr: - iounmap(sdcpwr_mapbase); - out_unmap_sdcasr: iounmap(sdcasr_mapbase); out: -- 2.9.5
[PATCH v6] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f6 ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- v6: keep the blank line and fix warning: label 'out_unmap_sdcpwr' defined but not used. v5: put together the code to get, use, and release cpu device_node. v4: restore the blank line. v3: fix a leaked reference. v2: clean up the code according to the advice of viresh. drivers/cpufreq/pasemi-cpufreq.c | 26 ++ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 6b1e4ab..7d557f9 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -131,10 +131,18 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) int err = -ENODEV; cpu = of_get_cpu_node(policy->cpu, NULL); + if (!cpu) + goto out; + max_freqp = of_get_property(cpu, "clock-frequency", NULL); of_node_put(cpu); - if (!cpu) + if (!max_freqp) { + err = -EINVAL; goto out; + } + + /* we need the freq in kHz */ + max_freq = *max_freqp / 1000; dn = of_find_compatible_node(NULL, NULL, "1682m-sdc"); if (!dn) @@ -171,16 +179,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) } pr_debug("init cpufreq on CPU %d\n", policy->cpu); - - max_freqp = of_get_property(cpu, "clock-frequency", NULL); - if (!max_freqp) { - err = -EINVAL; - goto out_unmap_sdcpwr; - } - - /* we need the freq in kHz */ - max_freq = *max_freqp / 1000; - pr_debug("max clock-frequency is at %u kHz\n", max_freq); pr_debug("initializing frequency table\n"); @@ -196,7 +194,11 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) policy->cur = pas_freqs[cur_astate].frequency; ppc_proc_freq = policy->cur * 1000ul; - return cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency()); + err = cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency()); + if (err) + goto out_unmap_sdcpwr; + + return 0; out_unmap_sdcpwr: iounmap(sdcpwr_mapbase); -- 2.9.5
[PATCH 2/2] powerpc/83xx: cleanup error paths in mpc831x_usb_cfg()
Rename the jump labels according to the cleanup they perform, and move reference handling to simplify cleanup. Signed-off-by: Wen Yang Cc: Scott Wood Cc: Kumar Gala Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Markus Elfring Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/83xx/usb.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/platforms/83xx/usb.c b/arch/powerpc/platforms/83xx/usb.c index 19dcef5..56b36fa 100644 --- a/arch/powerpc/platforms/83xx/usb.c +++ b/arch/powerpc/platforms/83xx/usb.c @@ -160,11 +160,9 @@ int mpc831x_usb_cfg(void) /* Map USB SOC space */ ret = of_address_to_resource(np, 0, ); - if (ret) { - of_node_put(immr_node); - of_node_put(np); - return ret; - } + if (ret) + goto out_put_node; + usb_regs = ioremap(res.start, resource_size()); /* Using on-chip PHY */ @@ -173,7 +171,7 @@ int mpc831x_usb_cfg(void) u32 refsel; if (of_device_is_compatible(immr_node, "fsl,mpc8308-immr")) - goto out; + goto out_unmap; if (of_device_is_compatible(immr_node, "fsl,mpc8315-immr")) refsel = CONTROL_REFSEL_24MHZ; @@ -200,8 +198,9 @@ int mpc831x_usb_cfg(void) ret = -EINVAL; } -out: +out_unmap: iounmap(usb_regs); +out_put_node: of_node_put(immr_node); of_node_put(np); return ret; -- 2.9.5
[PATCH 1/2] powerpc/83xx: fix use-after-free in mpc831x_usb_cfg()
The immr_node variable is still being used after the of_node_put() call, which may result in use-after-free. Fix this issue by calling of_node_put() after the last usage. Fixes: fd066e850351 ("powerpc/mpc8308: fix USB DR controller initialization") Signed-off-by: Wen Yang Cc: Scott Wood Cc: Kumar Gala Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Markus Elfring Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/83xx/usb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/platforms/83xx/usb.c b/arch/powerpc/platforms/83xx/usb.c index 3d247d7..19dcef5 100644 --- a/arch/powerpc/platforms/83xx/usb.c +++ b/arch/powerpc/platforms/83xx/usb.c @@ -158,11 +158,10 @@ int mpc831x_usb_cfg(void) iounmap(immap); - of_node_put(immr_node); - /* Map USB SOC space */ ret = of_address_to_resource(np, 0, ); if (ret) { + of_node_put(immr_node); of_node_put(np); return ret; } @@ -203,6 +202,7 @@ int mpc831x_usb_cfg(void) out: iounmap(usb_regs); + of_node_put(immr_node); of_node_put(np); return ret; } -- 2.9.5
[PATCH v5] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- v5: put together the code to get, use, and release cpu device_node. v4: restore the blank line. v3: fix a leaked reference. v2: clean up the code according to the advice of viresh. drivers/cpufreq/pasemi-cpufreq.c | 21 + 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 6b1e4ab..1f0beb7 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -131,10 +131,17 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) int err = -ENODEV; cpu = of_get_cpu_node(policy->cpu, NULL); - - of_node_put(cpu); if (!cpu) goto out; + max_freqp = of_get_property(cpu, "clock-frequency", NULL); + of_node_put(cpu); + if (!max_freqp) { + err = -EINVAL; + goto out; + } + + /* we need the freq in kHz */ + max_freq = *max_freqp / 1000; dn = of_find_compatible_node(NULL, NULL, "1682m-sdc"); if (!dn) @@ -171,16 +178,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) } pr_debug("init cpufreq on CPU %d\n", policy->cpu); - - max_freqp = of_get_property(cpu, "clock-frequency", NULL); - if (!max_freqp) { - err = -EINVAL; - goto out_unmap_sdcpwr; - } - - /* we need the freq in kHz */ - max_freq = *max_freqp / 1000; - pr_debug("max clock-frequency is at %u kHz\n", max_freq); pr_debug("initializing frequency table\n"); -- 2.9.5
[PATCH v4] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- v4: restore the blank line. v3: fix a leaked reference. v2: clean up the code according to the advice of viresh. drivers/cpufreq/pasemi-cpufreq.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 6b1e4ab..f0c98fc 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -128,20 +128,21 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) int cur_astate, idx; struct resource res; struct device_node *cpu, *dn; - int err = -ENODEV; + int err; cpu = of_get_cpu_node(policy->cpu, NULL); - of_node_put(cpu); if (!cpu) - goto out; + return -ENODEV; dn = of_find_compatible_node(NULL, NULL, "1682m-sdc"); if (!dn) dn = of_find_compatible_node(NULL, NULL, "pasemi,pwrficient-sdc"); - if (!dn) + if (!dn) { + err = -ENODEV; goto out; + } err = of_address_to_resource(dn, 0, ); of_node_put(dn); if (err) @@ -196,6 +197,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) policy->cur = pas_freqs[cur_astate].frequency; ppc_proc_freq = policy->cur * 1000ul; + of_node_put(cpu); return cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency()); out_unmap_sdcpwr: @@ -204,6 +206,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) out_unmap_sdcasr: iounmap(sdcasr_mapbase); out: + of_node_put(cpu); return err; } -- 2.9.5
[PATCH v3] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- v3: fix a leaked reference. v2: clean up the code according to the advice of viresh. drivers/cpufreq/pasemi-cpufreq.c | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 6b1e4ab..9dc5163 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -128,20 +128,20 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) int cur_astate, idx; struct resource res; struct device_node *cpu, *dn; - int err = -ENODEV; + int err; cpu = of_get_cpu_node(policy->cpu, NULL); - - of_node_put(cpu); if (!cpu) - goto out; + return -ENODEV; dn = of_find_compatible_node(NULL, NULL, "1682m-sdc"); if (!dn) dn = of_find_compatible_node(NULL, NULL, "pasemi,pwrficient-sdc"); - if (!dn) + if (!dn) { + err = -ENODEV; goto out; + } err = of_address_to_resource(dn, 0, ); of_node_put(dn); if (err) @@ -196,6 +196,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) policy->cur = pas_freqs[cur_astate].frequency; ppc_proc_freq = policy->cur * 1000ul; + of_node_put(cpu); return cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency()); out_unmap_sdcpwr: @@ -204,6 +205,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) out_unmap_sdcasr: iounmap(sdcasr_mapbase); out: + of_node_put(cpu); return err; } -- 2.9.5
[PATCH v2] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- v2: clean up the code according to the advice of viresh. drivers/cpufreq/pasemi-cpufreq.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 6b1e4ab..c6d464b 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -128,20 +128,18 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) int cur_astate, idx; struct resource res; struct device_node *cpu, *dn; - int err = -ENODEV; + int err; cpu = of_get_cpu_node(policy->cpu, NULL); - - of_node_put(cpu); if (!cpu) - goto out; + return -ENODEV; dn = of_find_compatible_node(NULL, NULL, "1682m-sdc"); if (!dn) dn = of_find_compatible_node(NULL, NULL, "pasemi,pwrficient-sdc"); if (!dn) - goto out; + return -ENODEV; err = of_address_to_resource(dn, 0, ); of_node_put(dn); if (err) @@ -196,6 +194,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) policy->cur = pas_freqs[cur_astate].frequency; ppc_proc_freq = policy->cur * 1000ul; + of_node_put(cpu); return cpufreq_generic_init(policy, pas_freqs, get_gizmo_latency()); out_unmap_sdcpwr: @@ -204,6 +203,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) out_unmap_sdcasr: iounmap(sdcasr_mapbase); out: + of_node_put(cpu); return err; } -- 2.9.5
[PATCH] cpufreq/pasemi: fix an use-after-free in pas_cpufreq_cpu_init()
The cpu variable is still being used in the of_get_property() call after the of_node_put() call, which may result in use-after-free. Fixes: a9acc26b75f ("cpufreq/pasemi: fix possible object reference leak") Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- drivers/cpufreq/pasemi-cpufreq.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 6b1e4ab..d2dd47b 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -132,7 +132,6 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu = of_get_cpu_node(policy->cpu, NULL); - of_node_put(cpu); if (!cpu) goto out; @@ -141,15 +140,15 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) dn = of_find_compatible_node(NULL, NULL, "pasemi,pwrficient-sdc"); if (!dn) - goto out; + goto out_put_cpu_node; err = of_address_to_resource(dn, 0, ); of_node_put(dn); if (err) - goto out; + goto out_put_cpu_node; sdcasr_mapbase = ioremap(res.start + SDCASR_OFFSET, 0x2000); if (!sdcasr_mapbase) { err = -EINVAL; - goto out; + goto out_put_cpu_node; } dn = of_find_compatible_node(NULL, NULL, "1682m-gizmo"); @@ -177,6 +176,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) err = -EINVAL; goto out_unmap_sdcpwr; } + of_node_put(cpu); /* we need the freq in kHz */ max_freq = *max_freqp / 1000; @@ -203,6 +203,8 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) out_unmap_sdcasr: iounmap(sdcasr_mapbase); +out_put_cpu_node: + of_node_put(cpu); out: return err; } -- 2.9.5
[PATCH] powerpc: fix use-after-free on fixup_port_irq()
There is a possible use-after-free issue in the fixup_port_irq(): 460 static void __init fixup_port_irq(int index, 461 struct device_node *np, 462 struct plat_serial8250_port *port) 463 { ... 469 if (!virq && legacy_serial_infos[index].irq_check_parent) { 470 np = of_get_parent(np); --> modified here. ... 474 of_node_put(np); ---> released here 475 } ... 481 #ifdef CONFIG_SERIAL_8250_FSL 482 if (of_device_is_compatible(np, "fsl,ns16550")) --> dereferenced here ... 484 #endif 485 } We solve this problem by introducing a new parent_np variable. Fixes: 9deaa53ac7fa ("serial: add irq handler for Freescale 16550 errata.") Signed-off-by: Wen Yang Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Rob Herring Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/kernel/legacy_serial.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/kernel/legacy_serial.c b/arch/powerpc/kernel/legacy_serial.c index 7cea597..0105f3e 100644 --- a/arch/powerpc/kernel/legacy_serial.c +++ b/arch/powerpc/kernel/legacy_serial.c @@ -461,17 +461,18 @@ static void __init fixup_port_irq(int index, struct device_node *np, struct plat_serial8250_port *port) { + struct device_node *parent_np; unsigned int virq; DBG("fixup_port_irq(%d)\n", index); virq = irq_of_parse_and_map(np, 0); if (!virq && legacy_serial_infos[index].irq_check_parent) { - np = of_get_parent(np); - if (np == NULL) + parent_np = of_get_parent(np); + if (parent_np == NULL) return; - virq = irq_of_parse_and_map(np, 0); - of_node_put(np); + virq = irq_of_parse_and_map(parent_np, 0); + of_node_put(parent_np); } if (!virq) return; -- 2.9.5
[PATCH] powerpc/83xx: fix use-after-free on mpc831x_usb_cfg()
The np variable is still being used after the of_node_put() call, which may result in use-after-free. We fix this issue by calling of_node_put() after the last usage. This patatch also do some cleanup. Fixes: fd066e850351 ("powerpc/mpc8308: fix USB DR controller initialization") Signed-off-by: Wen Yang Cc: Scott Wood Cc: Kumar Gala Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/83xx/usb.c | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/arch/powerpc/platforms/83xx/usb.c b/arch/powerpc/platforms/83xx/usb.c index 3d247d7..56b36fa 100644 --- a/arch/powerpc/platforms/83xx/usb.c +++ b/arch/powerpc/platforms/83xx/usb.c @@ -158,14 +158,11 @@ int mpc831x_usb_cfg(void) iounmap(immap); - of_node_put(immr_node); - /* Map USB SOC space */ ret = of_address_to_resource(np, 0, ); - if (ret) { - of_node_put(np); - return ret; - } + if (ret) + goto out_put_node; + usb_regs = ioremap(res.start, resource_size()); /* Using on-chip PHY */ @@ -174,7 +171,7 @@ int mpc831x_usb_cfg(void) u32 refsel; if (of_device_is_compatible(immr_node, "fsl,mpc8308-immr")) - goto out; + goto out_unmap; if (of_device_is_compatible(immr_node, "fsl,mpc8315-immr")) refsel = CONTROL_REFSEL_24MHZ; @@ -201,8 +198,10 @@ int mpc831x_usb_cfg(void) ret = -EINVAL; } -out: +out_unmap: iounmap(usb_regs); +out_put_node: + of_node_put(immr_node); of_node_put(np); return ret; } -- 2.9.5
[PATCH] powerpc/prom: fix use-after-free on cpu_to_chip_id()
The np variable is still being used after the of_node_put() call, which may result in use-after-free. We fix this issue by calling of_node_put() after the last usage. Fixes: 3eb906c6b6c1 ("powerpc: Make cpu_to_chip_id() available when SMP=n") Signed-off-by: Wen Yang Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Christophe Leroy Cc: Andrew Morton Cc: Mike Rapoport Cc: Greg Kroah-Hartman Cc: "Aneesh Kumar K.V" Cc: Thomas Gleixner Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/kernel/prom.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c index 7159e79..ad87b94 100644 --- a/arch/powerpc/kernel/prom.c +++ b/arch/powerpc/kernel/prom.c @@ -872,13 +872,15 @@ EXPORT_SYMBOL(of_get_ibm_chip_id); int cpu_to_chip_id(int cpu) { struct device_node *np; + int id; np = of_get_cpu_node(cpu, NULL); if (!np) return -1; + id = of_get_ibm_chip_id(np); of_node_put(np); - return of_get_ibm_chip_id(np); + return id; } EXPORT_SYMBOL(cpu_to_chip_id); -- 2.9.5
[PATCH 6/7] cpufreq: pmac32: fix possible object reference leak
The call to of_find_node_by_name returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./drivers/cpufreq/pmac32-cpufreq.c:557:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function. ./drivers/cpufreq/pmac32-cpufreq.c:569:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function. ./drivers/cpufreq/pmac32-cpufreq.c:598:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 587, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linux...@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- drivers/cpufreq/pmac32-cpufreq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/cpufreq/pmac32-cpufreq.c b/drivers/cpufreq/pmac32-cpufreq.c index 52f0d91..9b4ce2e 100644 --- a/drivers/cpufreq/pmac32-cpufreq.c +++ b/drivers/cpufreq/pmac32-cpufreq.c @@ -552,6 +552,7 @@ static int pmac_cpufreq_init_7447A(struct device_node *cpunode) volt_gpio_np = of_find_node_by_name(NULL, "cpu-vcore-select"); if (volt_gpio_np) voltage_gpio = read_gpio(volt_gpio_np); + of_node_put(volt_gpio_np); if (!voltage_gpio){ pr_err("missing cpu-vcore-select gpio\n"); return 1; @@ -588,6 +589,7 @@ static int pmac_cpufreq_init_750FX(struct device_node *cpunode) if (volt_gpio_np) voltage_gpio = read_gpio(volt_gpio_np); + of_node_put(volt_gpio_np); pvr = mfspr(SPRN_PVR); has_cpu_l2lve = !((pvr & 0xf00) == 0x100); -- 2.9.5
[PATCH 5/7] cpufreq/pasemi: fix possible object reference leak
The call to of_get_cpu_node returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./drivers/cpufreq/pasemi-cpufreq.c:212:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 147, but without a corresponding object release within this function. ./drivers/cpufreq/pasemi-cpufreq.c:220:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 147, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: "Rafael J. Wysocki" Cc: Viresh Kumar Cc: linuxppc-dev@lists.ozlabs.org Cc: linux...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- drivers/cpufreq/pasemi-cpufreq.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/cpufreq/pasemi-cpufreq.c b/drivers/cpufreq/pasemi-cpufreq.c index 75dfbd2..c7710c1 100644 --- a/drivers/cpufreq/pasemi-cpufreq.c +++ b/drivers/cpufreq/pasemi-cpufreq.c @@ -146,6 +146,7 @@ static int pas_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu = of_get_cpu_node(policy->cpu, NULL); + of_node_put(cpu); if (!cpu) goto out; -- 2.9.5
[PATCH 3/5] powerpc/powernv: fix possible object reference leak
The call to of_find_node_by_path returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./arch/powerpc/platforms/powernv/opal.c:741:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 733, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Nicholas Piggin Cc: Mike Rapoport Cc: Andrew Morton Cc: Mahesh Salgaonkar Cc: Haren Myneni Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/powernv/opal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c index 2b0eca1..d7736a5 100644 --- a/arch/powerpc/platforms/powernv/opal.c +++ b/arch/powerpc/platforms/powernv/opal.c @@ -738,6 +738,7 @@ static void opal_export_attrs(void) kobj = kobject_create_and_add("exports", opal_kobj); if (!kobj) { pr_warn("kobject_create_and_add() of exports failed\n"); + of_node_put(np); return; } -- 2.9.5
[PATCH 5/5] powerpc/8xx: fix possible object reference leak
The call to of_find_compatible_node returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. irq_domain_add_linear also calls of_node_get to increase refcount, so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./arch/powerpc/platforms/8xx/pic.c:158:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 136, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Vitaly Bordug Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/8xx/pic.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/8xx/pic.c b/arch/powerpc/platforms/8xx/pic.c index 8d5a25d..13d880b 100644 --- a/arch/powerpc/platforms/8xx/pic.c +++ b/arch/powerpc/platforms/8xx/pic.c @@ -155,6 +155,7 @@ int mpc8xx_pic_init(void) ret = -ENOMEM; goto out; } + of_node_put(np); return 0; out: -- 2.9.5
[PATCH 4/5] powerpc/embedded6xx: fix possible object reference leak
The call to of_find_compatible_node returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./arch/powerpc/platforms/embedded6xx/mvme5100.c:89:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 80, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/embedded6xx/mvme5100.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/embedded6xx/mvme5100.c b/arch/powerpc/platforms/embedded6xx/mvme5100.c index 273dfa3..660654f4 100644 --- a/arch/powerpc/platforms/embedded6xx/mvme5100.c +++ b/arch/powerpc/platforms/embedded6xx/mvme5100.c @@ -86,6 +86,7 @@ static void __init mvme5100_pic_init(void) cirq = irq_of_parse_and_map(cp, 0); if (!cirq) { pr_warn("mvme5100_pic_init: no cascade interrupt?\n"); + of_node_put(cp); return; } -- 2.9.5
[PATCH 2/5] powerpc/83xx: fix possible object reference leak
The call to of_find_node_by_name returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./arch/powerpc/platforms/83xx/km83xx.c:68:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 59, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Scott Wood Cc: Kumar Gala Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/83xx/km83xx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/83xx/km83xx.c b/arch/powerpc/platforms/83xx/km83xx.c index d8642a4..11eea7c 100644 --- a/arch/powerpc/platforms/83xx/km83xx.c +++ b/arch/powerpc/platforms/83xx/km83xx.c @@ -65,6 +65,7 @@ static void quirk_mpc8360e_qe_enet10(void) ret = of_address_to_resource(np_par, 0, ); if (ret) { pr_warn("%s couldn;t map par_io registers\n", __func__); + of_node_put(np_par); return; } -- 2.9.5
[PATCH 1/5] powerpc/sparse: fix possible object reference leak
The call to of_find_node_by_path returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./arch/powerpc/platforms/pseries/pseries_energy.c:101:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 46, but without a corresponding object release within this function. ./arch/powerpc/platforms/pseries/pseries_energy.c:172:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 111, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- arch/powerpc/platforms/pseries/pseries_energy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/platforms/pseries/pseries_energy.c b/arch/powerpc/platforms/pseries/pseries_energy.c index 6ed2212..e3913e4 100644 --- a/arch/powerpc/platforms/pseries/pseries_energy.c +++ b/arch/powerpc/platforms/pseries/pseries_energy.c @@ -69,7 +69,7 @@ static u32 cpu_to_drc_index(int cpu) of_read_drc_info_cell(, , ); if (strncmp(drc.drc_type, "CPU", 3)) - goto err; + goto err_of_node_put; if (thread_index < drc.last_drc_index) break; @@ -131,7 +131,7 @@ static int drc_index_to_cpu(u32 drc_index) of_read_drc_info_cell(, , ); if (strncmp(drc.drc_type, "CPU", 3)) - goto err; + goto err_of_node_put; if (drc_index > drc.last_drc_index) { cpu += drc.num_sequential_elems; -- 2.9.5
[PATCH 6/8] PCI: iproc: fix a leaked reference by adding missing of_node_put
The call to of_parse_phandle returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. iproc_msi_init also calls of_node_get to increase refcount (proc_msi_init -> iproc_msi_alloc_domains -> pci_msi_create_irq_domain -> msi_create_irq_domain -> irq_domain_create_linear -> __irq_domain_add), so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./drivers/pci/controller/pcie-iproc.c:1323:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1299, but without a corresponding object release within this function. ./drivers/pci/controller/pcie-iproc.c:1330:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 1299, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: Ray Jui Cc: Scott Branden Cc: bcm-kernel-feedback-l...@broadcom.com Cc: linux-...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/controller/pcie-iproc.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-iproc.c b/drivers/pci/controller/pcie-iproc.c index c20fd6b..9998c5c 100644 --- a/drivers/pci/controller/pcie-iproc.c +++ b/drivers/pci/controller/pcie-iproc.c @@ -1320,14 +1320,18 @@ static int iproc_pcie_msi_enable(struct iproc_pcie *pcie) if (pcie->need_msi_steer) { ret = iproc_pcie_msi_steer(pcie, msi_node); if (ret) - return ret; + goto out_put_node; } /* * If another MSI controller is being used, the call below should fail * but that is okay */ - return iproc_msi_init(pcie, msi_node); + ret = iproc_msi_init(pcie, msi_node); + +out_put_node: + of_node_put(msi_node); + return ret; } static void iproc_pcie_msi_disable(struct iproc_pcie *pcie) -- 2.9.5
[PATCH 7/8] PCI: mediatek: fix a leaked reference by adding missing of_node_put
The call to of_get_next_child returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. irq_domain_add_linear also calls of_node_get to increase refcount, so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./drivers/pci/controller/pcie-mediatek.c:577:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 567, but without a corresponding object release within this function. ./drivers/pci/controller/pcie-mediatek.c:583:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 567, but without a corresponding object release within this function. ./drivers/pci/controller/pcie-mediatek.c:586:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 567, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Ryder Lee Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: Matthias Brugger Cc: linux-...@vger.kernel.org Cc: linux-media...@lists.infradead.org Cc: linux-ker...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org --- drivers/pci/controller/pcie-mediatek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/controller/pcie-mediatek.c b/drivers/pci/controller/pcie-mediatek.c index 55e471c..e91716a 100644 --- a/drivers/pci/controller/pcie-mediatek.c +++ b/drivers/pci/controller/pcie-mediatek.c @@ -572,6 +572,7 @@ static int mtk_pcie_init_irq_domain(struct mtk_pcie_port *port, port->irq_domain = irq_domain_add_linear(pcie_intc_node, PCI_NUM_INTX, _domain_ops, port); + of_node_put(pcie_intc_node); if (!port->irq_domain) { dev_err(dev, "failed to get INTx IRQ domain\n"); return -ENODEV; -- 2.9.5
[PATCH 8/8] PCI: rpadlpar: fix a leaked reference by adding missing of_node_put
The call to of_find_node_by_name returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./drivers/pci/hotplug/rpadlpar_core.c:55:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 42, but without a corresponding object release within this function Signed-off-by: Wen Yang Cc: Tyrel Datwyler Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: Bjorn Helgaas Cc: linux-...@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/hotplug/rpadlpar_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/hotplug/rpadlpar_core.c b/drivers/pci/hotplug/rpadlpar_core.c index e2356a9..f3f42ff 100644 --- a/drivers/pci/hotplug/rpadlpar_core.c +++ b/drivers/pci/hotplug/rpadlpar_core.c @@ -52,6 +52,7 @@ static struct device_node *find_vio_slot_node(char *drc_name) break; } + of_node_put(parent); return dn; } -- 2.9.5
[PATCH 2/8] PCI: uniphier: fix a leaked reference by adding missing of_node_put
The call to of_get_child_by_name returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. irq_domain_add_linear also calls of_node_get to increase refcount, so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./drivers/pci/controller/dwc/pcie-uniphier.c:283:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 274, but without a corresponding object release within this function. ./drivers/pci/controller/dwc/pcie-uniphier.c:290:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 274, but without a corresponding object release within this function. ./drivers/pci/controller/dwc/pcie-uniphier.c:296:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 274, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Kunihiko Hayashi Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: Masahiro Yamada Cc: linux-...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/controller/dwc/pcie-uniphier.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/pci/controller/dwc/pcie-uniphier.c b/drivers/pci/controller/dwc/pcie-uniphier.c index d5dc402..3f30ee4 100644 --- a/drivers/pci/controller/dwc/pcie-uniphier.c +++ b/drivers/pci/controller/dwc/pcie-uniphier.c @@ -270,6 +270,7 @@ static int uniphier_pcie_config_legacy_irq(struct pcie_port *pp) struct uniphier_pcie_priv *priv = to_uniphier_pcie(pci); struct device_node *np = pci->dev->of_node; struct device_node *np_intc; + int ret = 0; np_intc = of_get_child_by_name(np, "legacy-interrupt-controller"); if (!np_intc) { @@ -280,20 +281,24 @@ static int uniphier_pcie_config_legacy_irq(struct pcie_port *pp) pp->irq = irq_of_parse_and_map(np_intc, 0); if (!pp->irq) { dev_err(pci->dev, "Failed to get an IRQ entry in legacy-interrupt-controller\n"); - return -EINVAL; + ret = -EINVAL; + goto out_put_node; } priv->legacy_irq_domain = irq_domain_add_linear(np_intc, PCI_NUM_INTX, _intx_domain_ops, pp); if (!priv->legacy_irq_domain) { dev_err(pci->dev, "Failed to get INTx domain\n"); - return -ENODEV; + ret = -ENODEV; + goto out_put_node; } irq_set_chained_handler_and_data(pp->irq, uniphier_pcie_irq_handler, pp); - return 0; +out_put_node: + of_node_put(np_intc); + return ret; } static int uniphier_pcie_host_init(struct pcie_port *pp) -- 2.9.5
[PATCH 4/8] PCI: rockchip: fix a leaked reference by adding missing of_node_put
The call to of_get_child_by_name returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. irq_domain_add_linear also calls of_node_get to increase refcount, so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./drivers/pci/controller/pcie-rockchip-host.c:729:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 718, but without a corresponding object release within this function. ./drivers/pci/controller/pcie-rockchip-host.c:732:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 718, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Shawn Lin Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: Heiko Stuebner Cc: linux-...@vger.kernel.org Cc: linux-rockc...@lists.infradead.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/controller/pcie-rockchip-host.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/controller/pcie-rockchip-host.c b/drivers/pci/controller/pcie-rockchip-host.c index 1372d27..8d20f17 100644 --- a/drivers/pci/controller/pcie-rockchip-host.c +++ b/drivers/pci/controller/pcie-rockchip-host.c @@ -724,6 +724,7 @@ static int rockchip_pcie_init_irq_domain(struct rockchip_pcie *rockchip) rockchip->irq_domain = irq_domain_add_linear(intc, PCI_NUM_INTX, _domain_ops, rockchip); + of_node_put(intc); if (!rockchip->irq_domain) { dev_err(dev, "failed to get a INTx IRQ domain\n"); return -EINVAL; -- 2.9.5
[PATCH 5/8] PCI: aardvark: fix a leaked reference by adding missing of_node_put
The call to of_get_next_child returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. irq_domain_add_linear also calls of_node_get to increase refcount, so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./drivers/pci/controller/pci-aardvark.c:826:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 798, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Thomas Petazzoni Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: linux-...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/controller/pci-aardvark.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index 750081c..56ecb16 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -794,6 +794,7 @@ static int advk_pcie_init_irq_domain(struct advk_pcie *pcie) struct device_node *node = dev->of_node; struct device_node *pcie_intc_node; struct irq_chip *irq_chip; + int ret = 0; pcie_intc_node = of_get_next_child(node, NULL); if (!pcie_intc_node) { @@ -806,8 +807,8 @@ static int advk_pcie_init_irq_domain(struct advk_pcie *pcie) irq_chip->name = devm_kasprintf(dev, GFP_KERNEL, "%s-irq", dev_name(dev)); if (!irq_chip->name) { - of_node_put(pcie_intc_node); - return -ENOMEM; + ret = -ENOMEM; + goto out_put_node; } irq_chip->irq_mask = advk_pcie_irq_mask; @@ -819,11 +820,13 @@ static int advk_pcie_init_irq_domain(struct advk_pcie *pcie) _pcie_irq_domain_ops, pcie); if (!pcie->irq_domain) { dev_err(dev, "Failed to get a INTx IRQ domain\n"); - of_node_put(pcie_intc_node); - return -ENOMEM; + ret = -ENOMEM; + goto out_put_node; } - return 0; +out_put_node: + of_node_put(pcie_intc_node); + return ret; } static void advk_pcie_remove_irq_domain(struct advk_pcie *pcie) -- 2.9.5
[PATCH 3/8] PCI: dwc: layerscape: fix a leaked reference by adding missing of_node_put
The call to of_parse_phandle returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./drivers/pci/controller/dwc/pci-layerscape.c:204:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 198, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Minghuan Lian Cc: Mingkai Hu Cc: Roy Zang Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/controller/dwc/pci-layerscape.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/controller/dwc/pci-layerscape.c b/drivers/pci/controller/dwc/pci-layerscape.c index ce45bde2..3a5fa26 100644 --- a/drivers/pci/controller/dwc/pci-layerscape.c +++ b/drivers/pci/controller/dwc/pci-layerscape.c @@ -201,6 +201,7 @@ static int ls_pcie_msi_host_init(struct pcie_port *pp) return -EINVAL; } + of_node_put(msi_node); return 0; } -- 2.9.5
[PATCH 1/8] PCI: dwc: pci-dra7xx: fix a leaked reference by adding missing of_node_put
The call to of_get_next_child returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. irq_domain_add_linear also calls of_node_get to increase refcount, so irq_domain will not be affected when it is released. Detected by coccinelle with the following warnings: ./drivers/pci/controller/dwc/pci-dra7xx.c:252:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 241, but without a corresponding object release within this function. ./drivers/pci/controller/dwc/pci-dra7xx.c:255:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 241, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Kishon Vijay Abraham I Cc: Lorenzo Pieralisi Cc: Bjorn Helgaas Cc: linux-o...@vger.kernel.org Cc: linux-...@vger.kernel.org Cc: linux-ker...@vger.kernel.org --- drivers/pci/controller/dwc/pci-dra7xx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index ae84a69..627c91d 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -247,6 +247,7 @@ static int dra7xx_pcie_init_irq_domain(struct pcie_port *pp) dra7xx->irq_domain = irq_domain_add_linear(pcie_intc_node, PCI_NUM_INTX, _domain_ops, pp); + of_node_put(pcie_intc_node); if (!dra7xx->irq_domain) { dev_err(dev, "Failed to get a INTx IRQ domain\n"); return -ENODEV; -- 2.9.5
[PATCH 1/3] ASoC: wcd9335: fix a leaked reference by adding missing of_node_put
The call to of_parse_phandle returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./sound/soc/codecs/wcd9335.c:5193:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 5183, but without a correspon ding object release within this function. Signed-off-by: Wen Yang Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: Srinivas Kandagatla Cc: Vinod Koul Cc: Dan Carpenter (commit_signer:1/11=9%,authored:1/11=9%) Cc: alsa-de...@alsa-project.org Cc: linux-ker...@vger.kernel.org --- sound/soc/codecs/wcd9335.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 981f88a..a04a7ce 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -5188,6 +5188,7 @@ static int wcd9335_slim_status(struct slim_device *sdev, wcd->slim = sdev; wcd->slim_ifc_dev = of_slim_get_device(sdev->ctrl, ifc_dev_np); + of_node_put(ifc_dev_np); if (!wcd->slim_ifc_dev) { dev_err(dev, "Unable to get SLIM Interface device\n"); return -EINVAL; -- 2.9.5
[PATCH 3/3] ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
The call to of_parse_phandle returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./sound/soc/fsl/eukrea-tlv320.c:121:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 102, but without a correspo nding object release within this function. ./sound/soc/fsl/eukrea-tlv320.c:127:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 102, but without a correspo nding object release within this function. Signed-off-by: Wen Yang Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: alsa-de...@alsa-project.org Cc: linux-ker...@vger.kernel.org --- sound/soc/fsl/eukrea-tlv320.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/fsl/eukrea-tlv320.c b/sound/soc/fsl/eukrea-tlv320.c index 191426a..30a3d68 100644 --- a/sound/soc/fsl/eukrea-tlv320.c +++ b/sound/soc/fsl/eukrea-tlv320.c @@ -118,13 +118,13 @@ static int eukrea_tlv320_probe(struct platform_device *pdev) if (ret) { dev_err(>dev, "fsl,mux-int-port node missing or invalid.\n"); - return ret; + goto err; } ret = of_property_read_u32(np, "fsl,mux-ext-port", _port); if (ret) { dev_err(>dev, "fsl,mux-ext-port node missing or invalid.\n"); - return ret; + goto err; } /* -- 2.9.5
[PATCH 2/3] ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
The call to of_parse_phandle returns a node pointer with refcount incremented thus it must be explicitly decremented after the last usage. Detected by coccinelle with the following warnings: ./sound/soc/fsl/fsl_utils.c:74:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 38, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Timur Tabi Cc: Nicolin Chen Cc: Xiubo Li Cc: Fabio Estevam Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: alsa-de...@alsa-project.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- sound/soc/fsl/fsl_utils.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/fsl/fsl_utils.c b/sound/soc/fsl/fsl_utils.c index 9981668..040d06b 100644 --- a/sound/soc/fsl/fsl_utils.c +++ b/sound/soc/fsl/fsl_utils.c @@ -71,6 +71,7 @@ int fsl_asoc_get_dma_channel(struct device_node *ssi_np, iprop = of_get_property(dma_np, "cell-index", NULL); if (!iprop) { of_node_put(dma_np); + of_node_put(dma_channel_np); return -EINVAL; } *dma_id = be32_to_cpup(iprop); -- 2.9.5
[PATCH 1/3] SoC: imx-sgtl5000: add missing put_device()
The of_find_device_by_node() takes a reference to the underlying device structure, we should release that reference. Detected by coccinelle with the following warnings: ./sound/soc/fsl/imx-sgtl5000.c:169:1-7: ERROR: missing put_device; call of_find_device_by_node on line 105, but without a corresponding object release within this function. ./sound/soc/fsl/imx-sgtl5000.c:177:1-7: ERROR: missing put_device; call of_find_device_by_node on line 105, but without a corresponding object release within this function. Signed-off-by: Wen Yang Cc: Timur Tabi Cc: Nicolin Chen Cc: Xiubo Li Cc: Fabio Estevam Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: Shawn Guo Cc: Sascha Hauer Cc: Pengutronix Kernel Team Cc: NXP Linux Team Cc: alsa-de...@alsa-project.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-ker...@vger.kernel.org --- sound/soc/fsl/imx-sgtl5000.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/fsl/imx-sgtl5000.c b/sound/soc/fsl/imx-sgtl5000.c index b6cb80480b60..bf8597f57dce 100644 --- a/sound/soc/fsl/imx-sgtl5000.c +++ b/sound/soc/fsl/imx-sgtl5000.c @@ -108,6 +108,7 @@ static int imx_sgtl5000_probe(struct platform_device *pdev) ret = -EPROBE_DEFER; goto fail; } + put_device(_pdev->dev); codec_dev = of_find_i2c_device_by_node(codec_np); if (!codec_dev) { dev_dbg(>dev, "failed to find codec platform device\n"); -- 2.20.1
[PATCH] ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
The of_find_device_by_node() takes a reference to the underlying device structure, we should release that reference. Signed-off-by: Wen Yang Cc: Timur Tabi Cc: Nicolin Chen Cc: Xiubo Li Cc: Fabio Estevam Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: alsa-de...@alsa-project.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-ker...@vger.kernel.org --- sound/soc/fsl/fsl-asoc-card.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c index 81f2fe2..60f87a0 100644 --- a/sound/soc/fsl/fsl-asoc-card.c +++ b/sound/soc/fsl/fsl-asoc-card.c @@ -689,6 +689,7 @@ static int fsl_asoc_card_probe(struct platform_device *pdev) asrc_fail: of_node_put(asrc_np); of_node_put(codec_np); + put_device(_pdev->dev); fail: of_node_put(cpu_np); -- 2.7.4
[PATCH] net/ibmvnic: Remove tests of member address
The driver was checking for non-NULL address. - adapter->napi[i] This is pointless as these will be always non-NULL, since the 'dapter->napi' is allocated in init_napi(). It is safe to get rid of useless checks for addresses to fix the coccinelle warning: >>drivers/net/ethernet/ibm/ibmvnic.c: test of a variable/field address Since such statements always return true, they are redundant. Signed-off-by: Wen Yang CC: Benjamin Herrenschmidt CC: Paul Mackerras CC: Michael Ellerman CC: Thomas Falcon CC: John Allen CC: "David S. Miller" CC: linuxppc-dev@lists.ozlabs.org CC: net...@vger.kernel.org CC: linux-ker...@vger.kernel.org --- drivers/net/ethernet/ibm/ibmvnic.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c index ed50b8dee44f..14d00985f087 100644 --- a/drivers/net/ethernet/ibm/ibmvnic.c +++ b/drivers/net/ethernet/ibm/ibmvnic.c @@ -773,11 +773,8 @@ static void release_napi(struct ibmvnic_adapter *adapter) return; for (i = 0; i < adapter->num_active_rx_napi; i++) { - if (>napi[i]) { - netdev_dbg(adapter->netdev, - "Releasing napi[%d]\n", i); - netif_napi_del(>napi[i]); - } + netdev_dbg(adapter->netdev, "Releasing napi[%d]\n", i); + netif_napi_del(>napi[i]); } kfree(adapter->napi); -- 2.19.1
[PATCH 2/4] soc/fsl/qe: fix potential NULL pointer dereference in ucc_of_parse_tdm
This patch fixes a possible null pointer dereference in ucc_of_parse_tdm, detected by the semantic patch deref_null.cocci, with the following warning: ./drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but dereferenced. The following code has potential null pointer references: pdev = of_find_device_by_node(np2); if (!pdev) { ret = -EINVAL; pr_err("%pOFn: failed to lookup pdev\n", np2); of_node_put(np2); goto err_miss_siram_property; } ... err_miss_siram_property: devm_iounmap(>dev, utdm->si_regs); Signed-off-by: Wen Yang Reviewed-by: Tan Hu CC: Julia Lawall --- drivers/soc/fsl/qe/qe_tdm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/fsl/qe/qe_tdm.c b/drivers/soc/fsl/qe/qe_tdm.c index f78c346..166378b 100644 --- a/drivers/soc/fsl/qe/qe_tdm.c +++ b/drivers/soc/fsl/qe/qe_tdm.c @@ -174,7 +174,8 @@ int ucc_of_parse_tdm(struct device_node *np, struct ucc_tdm *utdm, return ret; err_miss_siram_property: - devm_iounmap(>dev, utdm->si_regs); + if (pdev) + devm_iounmap(>dev, utdm->si_regs); return ret; } EXPORT_SYMBOL(ucc_of_parse_tdm); -- 2.9.5