2023-03-01 23:04:32

by Jean-Jacques Hiblot

Subject: [PATCH 0/3] of: irq: Fixes refcount issues with of_irq_parse_one()/of_irq_parse_raw()

This series attempts to fix refcounting issues related to of_irq_parse_one()
and of_irq_parse_raw().

The first issue is simply that most callers of of_irq_parse_one() and
of_irq_parse_raw() don't call of_node_put() on the returned device node when
they no longer need it.

The second issue is a double get() happening in of_irq_parse_one() when
parsing the "interrupts-extended" properties.

WARNING: I tried to be careful when modifying the callers of
of_irq_parse_one()/of_irq_parse_raw() but haven't test-built all the changes.


Jean-Jacques Hiblot (3):
  of: irq: make callers of of_irq_parse_raw() release the device node
  of: irq: make callers of of_irq_parse_one() release the device node
  of: irq: release the node after looking up for "interrupts-extended"

.../mach-shmobile/regulator-quirk-rcar-gen2.c | 1 +
arch/powerpc/platforms/fsl_uli1575.c | 1 +
arch/powerpc/sysdev/mpic_msi.c | 1 +
drivers/bcma/main.c | 5 +++-
drivers/clocksource/timer-clint.c | 1 +
drivers/irqchip/irq-mchp-eic.c | 1 +
drivers/irqchip/irq-owl-sirq.c | 1 +
drivers/irqchip/irq-renesas-rzg2l.c | 1 +
drivers/irqchip/irq-sifive-plic.c | 1 +
drivers/irqchip/irq-sun6i-r.c | 2 ++
drivers/of/irq.c | 30 ++++++++++++++-----
drivers/of/unittest.c | 7 +++++
drivers/pci/of.c | 6 +++-
drivers/soc/ti/knav_qmss_queue.c | 3 ++
drivers/usb/host/xhci-tegra.c | 1 +
15 files changed, 53 insertions(+), 9 deletions(-)

--
2.25.1



2023-03-02 00:13:59

by Jean-Jacques Hiblot

Subject: [PATCH 3/3] of: irq: release the node after looking up for "interrupts-extended"

When of_parse_phandle_with_args() succeeds, a get() is performed on
out_irq->np. And another get() is performed in of_irq_parse_raw(),
resulting in the refcount being incremented twice.
Fixing this by calling put() after of_irq_parse_raw().

Signed-off-by: Jean-Jacques Hiblot <[email protected]>
---
drivers/of/irq.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/of/irq.c b/drivers/of/irq.c
index 95da943fcf075..244f240bc4ac4 100644
--- a/drivers/of/irq.c
+++ b/drivers/of/irq.c
@@ -349,8 +349,12 @@ int of_irq_parse_one(struct device_node *device, int index, struct of_phandle_ar
/* Try the new-style interrupts-extended first */
res = of_parse_phandle_with_args(device, "interrupts-extended",
"#interrupt-cells", index, out_irq);
- if (!res)
- return of_irq_parse_raw(addr, out_irq);
+ if (!res) {
+ p = out_irq->np;
+ res = of_irq_parse_raw(addr, out_irq);
+ of_node_put(p);
+ return res;
+ }

/* Look for the interrupt parent. */
p = of_irq_find_parent(device);
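
Review bot: the `of_node_put(p)` added after `res = of_irq_parse_raw(addr, out_irq);` carries no comment saying which reference it drops, and `p` is borrowed here as a scratch variable just ahead of its usual role as the interrupt parent (`p = of_irq_find_parent(device);`). A one-line comment above the put, stating that it releases the reference taken by of_parse_phandle_with_args() because of_irq_parse_raw() takes its own, would make the balance obvious to the next reader. The put is also unconditional, so it runs when of_irq_parse_raw() returns an error; the commit message should state that this is the intended behaviour on the failure path, since the visible lines do not show what of_irq_parse_raw() leaves in out_irq->np in that case.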
--
2.25.1