On 12/14/18 9:15 AM, Rob Herring wrote:
> On Fri, Dec 14, 2018 at 12:43 AM <frowand.list@xxxxxxxxx> wrote:
>>
>> From: Frank Rowand <frank.rowand@xxxxxxxx>
>>
>> The phandle cache contains struct device_node pointers. The refcount
>> of the pointers was not incremented while in the cache, allowing use
>> after free error after kfree() of the node. Add the proper increment
>> and decrement of the use count.
>
> Since we pre-populate the cache at boot, all the nodes will have a ref
> count and will never be freed unless we happen to repopulate the whole
> cache. That doesn't seem ideal. The node pointer is not "in use" just
> because it is in the cache.
>
> Rob
>

This patch also adds of_node_put() so that the refcount will go to zero
when the node is removed as part of an overlay remove, if the node was
added by an overlay.

Patch 2/2 adds the free cache entry call to __of_detach_node(), so the
refcount will go to zero when the node is removed for dynamic use cases
other than overlays. (For overlays, all nodes are instead removed from
the cache before __of_detach_node() is called.)

-Frank
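
A userspace C model of the reference-counting lifecycle discussed in this thread, added here as an illustration; it is not code from the patch or from the kernel. All names (node_get, cache_insert, node_detach, the freed flag) are hypothetical stand-ins, and the fixed eight-slot table is an assumption of the example.

```c
#include <stdlib.h>
/* Userspace model only: every name here is hypothetical, not kernel code. */
struct node { unsigned int phandle; int refcount; int *freed; };
#define CACHE_SIZE 8
static struct node *cache[CACHE_SIZE];
struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
void node_put(struct node *n)
{
    if (n && --n->refcount == 0) { *n->freed = 1; free(n); } /* last ref */
}

struct node *node_new(unsigned int phandle, int *freed)
{
    struct node *n = calloc(1, sizeof(*n));
    if (n) { n->phandle = phandle; n->refcount = 1; n->freed = freed; }
    return n;
}

/* The cache takes its own reference for as long as it stores the pointer. */
void cache_insert(struct node *n)
{
    struct node **slot = &cache[n->phandle % CACHE_SIZE];
    node_get(n);                     /* take the cache's reference first */
    node_put(*slot);                 /* then drop the evicted entry's */
    *slot = n;
}
void cache_free_entry(unsigned int phandle)
{
    struct node **slot = &cache[phandle % CACHE_SIZE];
    if (*slot && (*slot)->phandle == phandle) { node_put(*slot); *slot = NULL; }
}

/* A hit hands the caller a new reference, which the caller must put. */
struct node *cache_lookup(unsigned int phandle)
{
    struct node *n = cache[phandle % CACHE_SIZE];
    return (n && n->phandle == phandle) ? node_get(n) : NULL;
}

/* Removal: empty the cache slot first, then drop the creation reference. */
void node_detach(struct node *n) { cache_free_entry(n->phandle); node_put(n); }

int main(void)
{
    int freed = 0;
    struct node *n = node_new(5, &freed);
    if (n) { cache_insert(n); node_detach(n); }
    return freed ? 0 : 1;
}
```

While an entry sits in the cache the node's count stays above zero, so the memory is released only after the entry is cleared and every other holder has dropped its reference.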