| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260117055433.416027-1-geoffreyhe2@gmail.com>
Date: Sat, 17 Jan 2026 05:54:33 +0000
From: Weigang He <geoffreyhe2@...il.com>
To: tony@...mide.com,
aaro.koskinen@....fi,
andreas@...nade.info,
khilman@...libre.com,
rogerq@...nel.org
Cc: linux-omap@...r.kernel.org,
linux-kernel@...r.kernel.org,
Weigang He <geoffreyhe2@...il.com>,
stable@...r.kernel.org
Subject: [PATCH] bus: ti-sysc: fix reference count leak in sysc_init_stdout_path()
of_find_node_by_path() returns a device_node with refcount incremented.
When of_get_property() is called to get the stdout-path property, the
reference to the "/chosen" node stored in np is either leaked if the
property lookup fails, or overwritten when np is reassigned to the uart
node path without releasing the "/chosen" reference first.
Add of_node_put(np) after of_get_property() to properly release the
"/chosen" node reference before either going to the error path or
acquiring a new reference for the uart path.
Fixes: 3bb37c8e6e6a ("bus: ti-sysc: Handle stdout-path for debug console")
Cc: stable@...r.kernel.org
Signed-off-by: Weigang He <geoffreyhe2@...il.com>
---
drivers/bus/ti-sysc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c
index 610354ce7f8f0..091cdad2f2cc6 100644
--- a/drivers/bus/ti-sysc.c
+++ b/drivers/bus/ti-sysc.c
@@ -696,6 +696,7 @@ static void sysc_init_stdout_path(struct sysc *ddata)
goto err;
uart = of_get_property(np, "stdout-path", NULL);
+ of_node_put(np);
if (!uart)
goto err;
--
2.34.1
Powered by blists - more mailing lists