1. Patchew
  2. linux
  3. View series

[PATCH] soc: ti: pruss: fix double free in pruss_clk_mux_setup()

Wentao Liang posted 1 patch 1 month, 1 week ago
There is a newer version of this series
drivers/soc/ti/pruss.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[PATCH] soc: ti: pruss: fix double free in pruss_clk_mux_setup()
Posted by Wentao Liang 1 month, 1 week ago 
In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly
calls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np)
on the error path. However, after the devm_add_action_or_reset()
returns, the of_node_put(clk_mux_np) is called again, causing a double
free.

Fix by using a separate label to avoid the duplicate of_node_put().

Fixes: ba59c9b43c86 ("soc: ti: pruss: support CORECLK_MUX and IEPCLK_MUX")
Cc: stable@vger.kernel.org
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
 drivers/soc/ti/pruss.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/ti/pruss.c b/drivers/soc/ti/pruss.c
index d7634bf5413a..c16d96bebe3f 100644
--- a/drivers/soc/ti/pruss.c
+++ b/drivers/soc/ti/pruss.c
@@ -368,13 +368,14 @@ static int pruss_clk_mux_setup(struct pruss *pruss, struct clk *clk_mux,
 				       clk_mux_np);
 	if (ret) {
 		dev_err(dev, "failed to add clkmux free action %d", ret);
-		goto put_clk_mux_np;
+		goto ret_error;
 	}
 
 	return 0;
 
 put_clk_mux_np:
 	of_node_put(clk_mux_np);
+ret_error:
 	return ret;
 }
 
-- 
2.34.1
Re: [PATCH] soc: ti: pruss: fix double free in pruss_clk_mux_setup()
Posted by Nishanth Menon 1 month ago 
On 14:32-20251225, Wentao Liang wrote:
> In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly
> calls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np)
> on the error path. However, after the devm_add_action_or_reset()
> returns, the of_node_put(clk_mux_np) is called again, causing a double
> free.
> 
> Fix by using a separate label to avoid the duplicate of_node_put().
> 
> Fixes: ba59c9b43c86 ("soc: ti: pruss: support CORECLK_MUX and IEPCLK_MUX")
> Cc: stable@vger.kernel.org
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
>  drivers/soc/ti/pruss.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/soc/ti/pruss.c b/drivers/soc/ti/pruss.c
> index d7634bf5413a..c16d96bebe3f 100644
> --- a/drivers/soc/ti/pruss.c
> +++ b/drivers/soc/ti/pruss.c
> @@ -368,13 +368,14 @@ static int pruss_clk_mux_setup(struct pruss *pruss, struct clk *clk_mux,
>  				       clk_mux_np);
>  	if (ret) {
>  		dev_err(dev, "failed to add clkmux free action %d", ret);
> -		goto put_clk_mux_np;
> +		goto ret_error;
Drop this or just return ret here?
>  	}
>  
>  	return 0;

if you dropped, then replace with return ret?

>  
>  put_clk_mux_np:
>  	of_node_put(clk_mux_np);
> +ret_error:
>  	return ret;
>  }
>  
> -- 
> 2.34.1
> 

-- 
Regards,
Nishanth Menon
Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3  1A34 DDB5 849D 1736 249D
https://ti.com/opensource
Re: [PATCH] soc: ti: pruss: fix double free in pruss_clk_mux_setup()
Posted by Markus Elfring 1 month, 1 week ago 
…
> Fix by using a separate label to avoid the duplicate of_node_put().

May you return directly?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?h=v6.19-rc2#n532

Regards,
Markus

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.