On Sun, 12 Nov 2017 14:47:59 +0100 Johan Hovold <johan@kernel.org> wrote:
> On Sun, Nov 12, 2017 at 12:32:08PM +0000, Marc Zyngier wrote:
>> On Sat, 11 Nov 2017 17:51:25 +0100 Johan Hovold <johan@kernel.org> wrote:
>> Johan,
>>> Fix child-node lookup during initialisation, which ended up searching the whole device tree depth-first starting at the parent rather than just matching on its children.
>>> To make things worse, the parent giq node was prematurely freed, while
>> s/giq/gic/.
>> Care to point out where that node would be prematurely freed? I don't see your patch addressing that either...
> of_find_node_by_name() is used for tree-wide searches and, as documented, drops a reference to its first argument, which in this case is the parent gic node.

Got it. Yes, that's definitely a bad idea.

>>> the ppi-partitions node was leaked.
>>> Fixes: e3825ba1af3a ("irqchip/gic-v3: Add support for partitioned PPIs")
>>> Cc: stable <stable@vger.kernel.org> # 4.7
>> Do you have an example of this causing any trouble in the wild? As far as I remember, the whole of_node refcounting isn't really enforced, so while this is definitely a bug, it wouldn't cause any harm anywhere.
> Node refcounting is enabled with CONFIG_OF_DYNAMIC (e.g. when overlay support is enabled) and getting the refcounting wrong can lead to all sorts of issues like use-after-free and crashes.

Ah, I completely forgot about this overlay madness. Fair enough, that's tricky enough to spot that it is worth plugging ASAP.

I've queued this with a handful of other fixes for 4.15.

Thanks,

M.
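The two lookup semantics the thread contrasts, as an added userspace model (not code from Johan's patch or from the kernel): struct node, find_node_by_name() and get_child_by_name() are simplified stand-ins for struct device_node, of_find_node_by_name() and of_get_child_by_name(), and the constructed tree puts the only ppi-partitions node under a sibling of gic so the tree-wide search finds the wrong node while also dropping the caller's gic reference. That the fix uses a children-only lookup plus a matching put is my assumption, not something the thread shows.

```c
/* Added example (not the patch's or the kernel's code): a userspace model of the
 * refcount rules discussed above. struct node and the two lookups are simplified
 * stand-ins for struct device_node, of_find_node_by_name() and of_get_child_by_name(). */
#include <string.h>
struct node { const char *name; int refcount; struct node *parent, *child, *sibling; };
struct refs { int gic, parts; };   /* refcounts left on the two nodes after a lookup */
static struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
static void node_put(struct node *n) { if (n) n->refcount--; }
/* Next node in a depth-first walk of the whole tree, not of one parent's children. */
static struct node *next_dfs(struct node *n)
{
    if (n->child) return n->child;
    for (; n; n = n->parent) if (n->sibling) return n->sibling;
    return NULL;
}

/* Models of_find_node_by_name(): tree-wide search starting after `from`; it drops
 * the caller's reference on `from` and returns a referenced match (or NULL). */
static struct node *find_node_by_name(struct node *from, const char *name)
{
    struct node *n;
    for (n = from ? next_dfs(from) : NULL; n; n = next_dfs(n))
        if (!strcmp(n->name, name)) break;
    node_get(n);
    node_put(from);
    return n;
}
/* Models of_get_child_by_name(): direct children only; `parent` is left alone. */
static struct node *get_child_by_name(struct node *parent, const char *name)
{
    struct node *c;
    for (c = parent->child; c; c = c->sibling)
        if (!strcmp(c->name, name)) return node_get(c);
    return NULL;
}

/* Constructed tree: / -> gic (no partitions child) and / -> other -> ppi-partitions.
 * The caller starts with one reference on gic, so a balanced lookup leaves
 * gic == 1 and parts == 0. */
struct refs refs_after_lookup(int fixed)
{
    struct node parts = { "ppi-partitions", 0, NULL, NULL, NULL };
    struct node other = { "other", 0, NULL, &parts, NULL };
    struct node gic   = { "gic", 1, NULL, NULL, &other };
    struct node root  = { "/", 0, NULL, &gic, NULL };
    struct node *p;
    gic.parent = other.parent = &root; parts.parent = &other;
    if (fixed) { p = get_child_by_name(&gic, "ppi-partitions"); node_put(p); } /* NULL; put is safe */
    else p = find_node_by_name(&gic, "ppi-partitions"); /* finds other's child, drops gic's ref, p never put */
    return (struct refs){ gic.refcount, parts.refcount };
}
```

With CONFIG_OF_DYNAMIC the buggy path's gic count of 0 is exactly the premature free Johan describes, and the stray reference on ppi-partitions is the leak.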