cpufreq: dt: fix potential double put of cpu OF node

Message ID 1411738426-18375-1-git-send-email-l.stach@pengutronix.de (mailing list archive)
State Accepted, archived

Commit Message

Lucas Stach Sept. 26, 2014, 1:33 p.m. UTC
If cpufreq_generic_init() fails we jump into the resource
cleanup path which contains an of_node_put() call. Another
instance of this has already been called at that time
resulting in a double decrement of the refcount.

Fix this by calling of_node_put() only after we are sure
that nothing has gone wrong.

Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
---
 drivers/cpufreq/cpufreq-dt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
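
A userspace model of the refcount imbalance the commit message describes, as an added example that is not part of the original patch or the kernel source. node_get(), node_put(), init_before(), init_after(), balance() and the out_put_node label are hypothetical stand-ins for the kernel's of_node_get()/of_node_put() and the driver's init function.

```c
#include <stdio.h>
/* Constructed userspace model: node_get()/node_put() stand in for
 * of_node_get()/of_node_put(); out_put_node is a hypothetical label. */
struct node { int refcount; };

static struct node *node_get(struct node *n) { n->refcount++; return n; }
static void node_put(struct node *n) { n->refcount--; }

/* Shape before the patch: put in the body, put again in the cleanup path. */
static int init_before(struct node *cpu, int late_ret)
{
	struct node *np = node_get(cpu);
	node_put(np);			/* early put */
	if (late_ret)			/* models the late call failing */
		goto out_put_node;
	return 0;

out_put_node:
	node_put(np);			/* second put for a single get */
	return late_ret;
}

/* Shape after the patch: each exit drops the reference exactly once. */
static int init_after(struct node *cpu, int late_ret)
{
	struct node *np = node_get(cpu);
	if (late_ret)
		goto out_put_node;
	node_put(np);			/* success path */
	return 0;

out_put_node:
	node_put(np);			/* failure path */
	return late_ret;
}

/* Refcount left on a node that one other holder still references. */
static int balance(int (*init)(struct node *, int), int late_ret)
{
	struct node n = { .refcount = 1 };
	init(&n, late_ret);
	return n.refcount;
}

int main(void)
{
	printf("failure path: before=%d after=%d\n",
	       balance(init_before, -1), balance(init_after, -1));
	return 0;
}
```

In the "before" shape the failure path leaves the count at 0 even though another holder still has a reference, which is the condition under which a refcounted object can be released while in use.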

Comments

Rafael J. Wysocki Sept. 26, 2014, 10:14 p.m. UTC | #1
On Friday, September 26, 2014 03:33:46 PM Lucas Stach wrote:
> If cpufreq_generic_init() fails we jump into the resource
> cleanup path which contains an of_node_put() call. Another
> instance of this has already been called at that time
> resulting in a double decrement of the refcount.
> 
> Fix this by calling of_node_put() only after we are sure
> that nothing has gone wrong.
> 
> Signed-off-by: Lucas Stach <l.stach@pengutronix.de>

-stable material?

> ---
>  drivers/cpufreq/cpufreq-dt.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
> index e00265066a75..6bbb8b913446 100644
> --- a/drivers/cpufreq/cpufreq-dt.c
> +++ b/drivers/cpufreq/cpufreq-dt.c
> @@ -259,7 +259,6 @@ static int cpufreq_init(struct cpufreq_policy *policy)
>  		else
>  			priv->cdev = cdev;
>  	}
> -	of_node_put(np);
>  
>  	priv->cpu_dev = cpu_dev;
>  	priv->cpu_reg = cpu_reg;
> @@ -270,6 +269,8 @@ static int cpufreq_init(struct cpufreq_policy *policy)
>  	if (ret)
>  		goto out_cooling_unregister;
>  
> +	of_node_put(np);
> +
>  	return 0;
>  
>  out_cooling_unregister:
>
Lucas Stach Sept. 29, 2014, 8:28 a.m. UTC | #2
On Saturday, 27.09.2014, at 00:14 +0200, Rafael J. Wysocki wrote:
> On Friday, September 26, 2014 03:33:46 PM Lucas Stach wrote:
> > If cpufreq_generic_init() fails we jump into the resource
> > cleanup path which contains an of_node_put() call. Another
> > instance of this has already been called at that time
> > resulting in a double decrement of the refcount.
> > 
> > Fix this by calling of_node_put() only after we are sure
> > that nothing has gone wrong.
> > 
> > Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
> 
> -stable material?
> 
The relevant code that exposed this bug was only merged in 3.17, so this
patch is only -stable if it goes in after 3.17 final.

> > ---
> >  drivers/cpufreq/cpufreq-dt.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
> > index e00265066a75..6bbb8b913446 100644
> > --- a/drivers/cpufreq/cpufreq-dt.c
> > +++ b/drivers/cpufreq/cpufreq-dt.c
> > @@ -259,7 +259,6 @@ static int cpufreq_init(struct cpufreq_policy *policy)
> >  		else
> >  			priv->cdev = cdev;
> >  	}
> > -	of_node_put(np);
> >  
> >  	priv->cpu_dev = cpu_dev;
> >  	priv->cpu_reg = cpu_reg;
> > @@ -270,6 +269,8 @@ static int cpufreq_init(struct cpufreq_policy *policy)
> >  	if (ret)
> >  		goto out_cooling_unregister;
> >  
> > +	of_node_put(np);
> > +
> >  	return 0;
> >  
> >  out_cooling_unregister:
> > 
>

Patch

diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
index e00265066a75..6bbb8b913446 100644
--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
@@ -259,7 +259,6 @@  static int cpufreq_init(struct cpufreq_policy *policy)
 		else
 			priv->cdev = cdev;
 	}
-	of_node_put(np);
 
 	priv->cpu_dev = cpu_dev;
 	priv->cpu_reg = cpu_reg;
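Review bot: With the `of_node_put(np)` after the cooling-device block removed, np now stays referenced through the `priv->cpu_dev` and `priv->cpu_reg` assignments until the end of cpufreq_init(), and nothing in the code says so. Consider a short comment at this spot stating that the reference is dropped either just before `return 0` or in the error labels, so that a later early `return` added in this span does not leak the node.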
@@ -270,6 +269,8 @@  static int cpufreq_init(struct cpufreq_policy *policy)
 	if (ret)
 		goto out_cooling_unregister;
 
+	of_node_put(np);
+
 	return 0;
 
 out_cooling_unregister:
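Review bot: The new `of_node_put(np)` before `return 0` is correct only if every label reachable after np is taken, starting with `out_cooling_unregister:`, drops np exactly once, and the label bodies are outside this hunk's context. Please confirm that in the changelog; since the thread says the bug was exposed by code merged in 3.17, a Fixes: tag naming that commit would also let the -stable question be settled from the patch itself.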