[PATCH] cpufreq: scmi: Fix of_node use-after-free in scmi_dev_used_by_cpus()
Hans Zhang
18255117159 at 163.com
Sun Mar 8 19:20:45 PDT 2026
On 3/3/26 12:20, Viresh Kumar wrote:
> On 02-03-26, 23:53, Hans Zhang wrote:
>> In scmi_dev_used_by_cpus(), the code previously released the of_node
>> reference via of_node_put(np) before checking whether np equals scmi_np.
>> This could lead to a use-after-free if the node pointer was accessed
>> after being freed. Reorder the logic to perform the comparison first
>> and only put the node after the check, or immediately return if they
>> match. This ensures safe reference counting and avoids potential kernel
>> crashes.
>
> It shouldn't lead to a use-after-free problem as we aren't using the `np` for
> anything apart from simple comparison of value.
>
Hi Viresh,
Thank you very much for your reply. Then, do you think this patch is
necessary? Or should I revise the commit message?
Best regards,
Hans
More information about the linux-arm-kernel
mailing list