of/irq: Fix device node refcount leakages in of_irq_init()

of_irq_init() will leak interrupt controller device node refcounts
in two places as explained below:

1) Leak refcounts of both @desc->dev and @desc->interrupt_parent when
   suffers @desc->irq_init_cb() failure.
2) Leak refcount of @desc->interrupt_parent when cleans up list
   @intc_desc_list in the end.

Refcounts of both @desc->dev and @desc->interrupt_parent were got in
the first loop, but of_irq_init() does not put them before kfree(@desc)
in places mentioned above, so causes refcount leakages.

Fix by putting refcounts involved before kfree(@desc).

Fixes: 8363ccb917c6 ("of/irq: add missing of_node_put")
Fixes: c71a54b08201 ("of/irq: introduce of_irq_init")
Cc: stable@vger.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/r/20250209-of_irq_fix-v2-7-93e3a2659aa7@quicinc.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>

diff --git a/drivers/of/irq.c b/drivers/of/irq.c
index 2f8dcb77a800db7468f5201c588a4d7c1cfac45f..f5459ad50f3674f7dc0aed5df76bb788cb589517 100644 (file)
--- a/drivers/of/irq.c
+++ b/drivers/of/irq.c
@@ -632,6 +632,8 @@ void __init of_irq_init(const struct of_device_id *matches)
                                       __func__, desc->dev, desc->dev,
                                       desc->interrupt_parent);
                                of_node_clear_flag(desc->dev, OF_POPULATED);
+                               of_node_put(desc->interrupt_parent);
+                               of_node_put(desc->dev);
                                kfree(desc);
                                continue;
                        }
@@ -662,6 +664,7 @@ void __init of_irq_init(const struct of_device_id *matches)
 err:
        list_for_each_entry_safe(desc, temp_desc, &intc_desc_list, list) {
                list_del(&desc->list);
+               of_node_put(desc->interrupt_parent);
                of_node_put(desc->dev);
                kfree(desc);
        }