1. Patchew
  2. linux
  3. View series

[PATCH] irqchip/ls-extirq: fix resource leak in ls_extirq_parse_map()

jackysliu posted 1 patch 2 months, 2 weeks ago 
drivers/irqchip/irq-ls-extirq.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] irqchip/ls-extirq: fix resource leak in ls_extirq_parse_map()
Posted by jackysliu 2 months, 2 weeks ago 
From: Siyang Liu <1972843537@qq.com>

The ls_extirq_parse_map function uses of_find_node_by_phandle() to obtain
interrupt parent nodes within a loop, but fails to release the reference
count on these nodes. This results in a kernel memory leak as the node
reference counts continuously increase.

Add of_node_put() calls to properly release the references when the nodes
are no longer needed

Signed-off-by: Siyang Liu <1972843537@qq.com>
---
 drivers/irqchip/irq-ls-extirq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/irqchip/irq-ls-extirq.c b/drivers/irqchip/irq-ls-extirq.c
index 50a7b38381b9..fb4e7b3a6e2f 100644
--- a/drivers/irqchip/irq-ls-extirq.c
+++ b/drivers/irqchip/irq-ls-extirq.c
@@ -164,6 +164,7 @@ ls_extirq_parse_map(struct ls_extirq_data *priv, struct device_node *node)
 		for (j = 0; j < intsize; ++j)
 			priv->map[hwirq].param[j] = be32_to_cpup(map++);
 		mapsize -= intsize;
+		of_node_put(ipar);
 	}
 	return 0;
 }
-- 
2.43.5
Re: [PATCH] irqchip/ls-extirq: fix resource leak in ls_extirq_parse_map()
Posted by Thomas Gleixner 2 months, 2 weeks ago 
On Mon, Jul 21 2025 at 12:43, jackysliu wrote:

> From: Siyang Liu <1972843537@qq.com>
>
> The ls_extirq_parse_map function uses of_find_node_by_phandle() to obtain

ls_extirq_parse_map() uses ...

> interrupt parent nodes within a loop, but fails to release the reference
> count on these nodes. This results in a kernel memory leak as the node
> reference counts continuously increase.

There is no continous increase as each ipar node is only looked up and
referenced exactly once. So this leaks exactly ONE reference count per
node.

> Add of_node_put() calls to properly release the references when the nodes

I see only one call, not several calls...

> are no longer needed
>
> Signed-off-by: Siyang Liu <1972843537@qq.com>
> ---
>  drivers/irqchip/irq-ls-extirq.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/irqchip/irq-ls-extirq.c b/drivers/irqchip/irq-ls-extirq.c
> index 50a7b38381b9..fb4e7b3a6e2f 100644
> --- a/drivers/irqchip/irq-ls-extirq.c
> +++ b/drivers/irqchip/irq-ls-extirq.c
> @@ -164,6 +164,7 @@ ls_extirq_parse_map(struct ls_extirq_data *priv, struct device_node *node)
>  		for (j = 0; j < intsize; ++j)
>  			priv->map[hwirq].param[j] = be32_to_cpup(map++);
>  		mapsize -= intsize;
> +		of_node_put(ipar);

That's the wrong point as this might not be reached because of the
following checks before the inner loop:

		ret = of_property_read_u32(ipar, "#interrupt-cells", &intsize);
		if (ret)
			return ret;

		if (intsize > mapsize)
			return -EINVAL;

Please don't add put() calls in every error return path. _ONE_ put() at
the proper place is sufficient.

Thanks,

        tglx

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.