1. Patchew
  2. linux
  3. View series

[PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled

Miaoqian Lin posted 1 patch 5 months, 1 week ago 
drivers/media/platform/renesas/rcar_drif.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled
Posted by Miaoqian Lin 5 months, 1 week ago 
The function calls of_parse_phandle() which returns
a device node with an incremented reference count. When the bonded device
is not available, the function
returns NULL without releasing the reference, causing a reference leak.

Add of_node_put(np) to release the device node reference.
The of_node_put function handles NULL pointers.

Found through static analysis by reviewing the doc of of_parse_phandle()
and cross-checking its usage patterns across the codebase.

Fixes: 7625ee981af1 ("[media] media: platform: rcar_drif: Add DRIF support")
Cc: stable@vger.kernel.org
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 drivers/media/platform/renesas/rcar_drif.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/platform/renesas/rcar_drif.c b/drivers/media/platform/renesas/rcar_drif.c
index fc8b6bbef793..c5d676eb1091 100644
--- a/drivers/media/platform/renesas/rcar_drif.c
+++ b/drivers/media/platform/renesas/rcar_drif.c
@@ -1246,6 +1246,7 @@ static struct device_node *rcar_drif_bond_enabled(struct platform_device *p)
 	if (np && of_device_is_available(np))
 		return np;
 
+	of_node_put(np);
 	return NULL;
 }
 
-- 
2.35.1
Re: [PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled
Posted by Geert Uytterhoeven 5 months, 1 week ago 
On Wed, 3 Sept 2025 at 15:37, Miaoqian Lin <linmq006@gmail.com> wrote:
> The function calls of_parse_phandle() which returns
> a device node with an incremented reference count. When the bonded device
> is not available, the function
> returns NULL without releasing the reference, causing a reference leak.
>
> Add of_node_put(np) to release the device node reference.
> The of_node_put function handles NULL pointers.
>
> Found through static analysis by reviewing the doc of of_parse_phandle()
> and cross-checking its usage patterns across the codebase.
>
> Fixes: 7625ee981af1 ("[media] media: platform: rcar_drif: Add DRIF support")
> Cc: stable@vger.kernel.org
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>

Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>

Note that this is a duplicate of "[PATCH] media: rcar_drif: Fix an OF
node leak in rcar_drif_bond_enabled()", which was never applied.

[1] https://lore.kernel.org/20250105111050.3859712-1-joe@pf.is.s.u-tokyo.ac.jp

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
Re: [PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled
Posted by Hans Verkuil 3 months ago 
On 03/09/2025 17:09, Geert Uytterhoeven wrote:
> On Wed, 3 Sept 2025 at 15:37, Miaoqian Lin <linmq006@gmail.com> wrote:
>> The function calls of_parse_phandle() which returns
>> a device node with an incremented reference count. When the bonded device
>> is not available, the function
>> returns NULL without releasing the reference, causing a reference leak.
>>
>> Add of_node_put(np) to release the device node reference.
>> The of_node_put function handles NULL pointers.
>>
>> Found through static analysis by reviewing the doc of of_parse_phandle()
>> and cross-checking its usage patterns across the codebase.
>>
>> Fixes: 7625ee981af1 ("[media] media: platform: rcar_drif: Add DRIF support")
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> 
> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
> 
> Note that this is a duplicate of "[PATCH] media: rcar_drif: Fix an OF
> node leak in rcar_drif_bond_enabled()", which was never applied.
> 
> [1] https://lore.kernel.org/20250105111050.3859712-1-joe@pf.is.s.u-tokyo.ac.jp

Ah, that patch was never CC-ed to linux-media, so never ended up in our patchwork
instance. That's why that wasn't picked up.

I'll take this patch instead.

Regards,

	Hans

> 
> Gr{oetje,eeting}s,
> 
>                         Geert
>
Re: [PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled
Posted by Markus Elfring 5 months, 1 week ago 
> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>

Are any description details still improvable?


> Note that this is a duplicate of "[PATCH] media: rcar_drif: Fix an OF
> node leak in rcar_drif_bond_enabled()", which was never applied.
> 
> [1] https://lore.kernel.org/20250105111050.3859712-1-joe@pf.is.s.u-tokyo.ac.jp

Would it be nicer (in principle) to integrate this patch finally?

Regards,
Markus

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.