On Tue, 2017-04-18 at 00:21:40 UTC, Tyrel Datwyler wrote: > Historically device_node references were tracked using a kref embedded > as a struct field. Commit 75b57ecf9 refactored device_nodes to be > kobjects such that the device tree could by more simply exposed to > userspace using sysfs. Commit 0829f6d1f6 followed up these changes to > better control the kobject lifecycle and in particular the referecne > counting via of_node_get(), of_node_put(), and of_node_init(). A side > effect of this second commit was that it introduced an of_node_put() > call when a dynamic node is detached that removes the initial kobj > reference created by of_node_init() . Traditionally as the original > dynamic device node user the pseries code had assumed responsibilty for > releasing this final reference in its platform specific DLPAR detach code. > > This patch fixes a refcount underflow introduced by commit 0829f6d1f6, > and recently exposed by the upstreaming of the recount API. > > Messages like the following are no longer seen in the kernel log with this > patch following DLPAR remove operations of cpus and pci devices. > > [ 269.589441] rpadlpar_io: slot PHB 72 removed > [ 270.589997] refcount_t: underflow; use-after-free. > [ 270.590019] ------------[ cut here ]------------ > [ 270.590025] WARNING: CPU: 5 PID: 3335 at > lib/refcount.c:128 refcount_sub_and_test+0xf4/0x110 > > Cc: stable@xxxxxxxxxxxxxxx > Fixes: 0829f6d1f69e ("of: device_node kobject lifecycle fixes") > Signed-off-by: Tyrel Datwyler <tyreld@xxxxxxxxxxxxxxxxxx> Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/68baf692c435339e6295cb470ea554 cheers