On Fri, Dec 14, 2018 at 12:43 AM <frowand.list@xxxxxxxxx> wrote: > > From: Frank Rowand <frank.rowand@xxxxxxxx> > > The phandle cache contains struct device_node pointers. The refcount > of the pointers was not incremented while in the cache, allowing use > after free error after kfree() of the node. Add the proper increment > and decrement of the use count. Since we pre-populate the cache at boot, all the nodes will have a ref count and will never be freed unless we happen to repopulate the whole cache. That doesn't seem ideal. The node pointer is not "in use" just because it is in the cache. Rob
