Hi Thomas,
Catching up on email...
On 2020-07-09 10:53, Thomas Gleixner wrote:
Quite some non OF/ACPI users of irqdomains allocate firmware nodes of
type
IRQCHIP_FWNODE_NAMED or IRQCHIP_FWNODE_NAMED_ID and free them right
after
creating the irqdomain. The only purpose of these FW nodes is to convey
name information. When this was introduced the core code did not store
the
pointer to the node in the irqdomain. A recent change stored the
firmware
node pointer in irqdomain for other reasons and missed to notice that
the
usage sites which do the alloc_fwnode/create_domain/free_fwnode
sequence
are broken by this. Storing a dangling pointer is dangerous itself, but
in
case that the domain is destroyed later on this leads to a double free.
Remove the freeing of the firmware node after creating the irqdomain
from
all affected call sites to cure this.
Fixes: 711419e504eb ("irqdomain: Add the missing assignment of
domain->fwnode for named fwnode")
Reported-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Urgh, that's pretty disastrous. My bad. Thanks a lot for having
put this patch together.
Acked-by: Marc Zyngier <maz@xxxxxxxxxx>
If you can take it directly into Linus' tree, that'd be greatly
appreciated.
Thanks again,
M.
--
Jazz is not dead. It just smells funny...
