| Message ID | 20220702022936.266146-1-windhl@126.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | powerpc: kernel: pci-common: Fix refcount bug for 'phb->dn' | expand |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/github-powerpc_ppctests | success | Successfully ran 10 jobs. |
| snowpatch_ozlabs/github-powerpc_selftests | success | Successfully ran 10 jobs. |
| snowpatch_ozlabs/github-powerpc_clang | success | Successfully ran 7 jobs. |
| snowpatch_ozlabs/github-powerpc_sparse | success | Successfully ran 4 jobs. |
| snowpatch_ozlabs/github-powerpc_kernel_qemu | success | Successfully ran 23 jobs. |
On Sat, 2 Jul 2022 10:29:36 +0800, Liang He wrote: > In pcibios_alloc_controller(), 'phb' is allocated and escaped into > global 'hose_list'. So we should call of_node_get() when a new reference > created into 'phb->dn'. And when phb is freed, we should call > of_node_put() on it. > > NOTE: This function is called in the iteration of for_each_xx in > chrp_find_bridges() function. If there is no of_node_get(), the object > maybe prematurely freed. > > [...] Applied to powerpc/next. [1/1] powerpc: kernel: pci-common: Fix refcount bug for 'phb->dn' https://git.kernel.org/powerpc/c/ce63c44b63cdae892107717ba10fdb6fb4fc6cdb cheers
diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c index 068410cd54a3..f58dcf3a92bb 100644 --- a/arch/powerpc/kernel/pci-common.c +++ b/arch/powerpc/kernel/pci-common.c @@ -117,7 +117,7 @@ struct pci_controller *pcibios_alloc_controller(struct device_node *dev) phb->global_number = get_phb_number(dev); list_add_tail(&phb->list_node, &hose_list); spin_unlock(&hose_spinlock); - phb->dn = dev; + phb->dn = of_node_get(dev); phb->is_dynamic = slab_is_available(); #ifdef CONFIG_PPC64 if (dev) { @@ -140,7 +140,7 @@ void pcibios_free_controller(struct pci_controller *phb) /* Clear bit of phb_bitmap to allow reuse of this PHB number. */ if (phb->global_number < MAX_PHBS) clear_bit(phb->global_number, phb_bitmap); - + of_node_put(phb->dn); list_del(&phb->list_node); spin_unlock(&hose_spinlock);
In pcibios_alloc_controller(), 'phb' is allocated and escaped into global 'hose_list'. So we should call of_node_get() when a new reference created into 'phb->dn'. And when phb is freed, we should call of_node_put() on it. NOTE: This function is called in the iteration of for_each_xx in chrp_find_bridges() function. If there is no of_node_get(), the object maybe prematurely freed. Signed-off-by: Liang He <windhl@126.com> --- I do not know if we should insert the of_node_put() in or out of the spin_lock/spin_unlock. Please check it carefully. arch/powerpc/kernel/pci-common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)