On 2025-10-28 6:36 am, Miaoqian Lin wrote:

In of_iommu_get_resv_regions(), of_find_node_by_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed.

Add a call to of_node_put() to release the reference after the usage.

Just put the reference immediately after getting it - this inner usage only happens if it's the same dev->of_node we're already using for the outer iteration, so we don't need to bother holding an extra reference as it can't suddenly disappear anyway (or even if it could, that's still not *this* code's problem...)

Thanks, Robin.

Found via static analysis.

Fixes: a5bf3cfce8cb ("iommu: Implement of_iommu_get_resv_regions()") Cc: stable@vger.kernel.org Signed-off-by: Miaoqian Lin linmq006@gmail.com

---

drivers/iommu/of_iommu.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c index 6b989a62def2..02448da8ff90 100644 --- a/drivers/iommu/of_iommu.c +++ b/drivers/iommu/of_iommu.c @@ -256,6 +256,7 @@ void of_iommu_get_resv_regions(struct device *dev, struct list_head *list) maps = of_translate_dma_region(np, maps, &iova, &length); if (length == 0) { dev_warn(dev, "Cannot reserve IOVA region of 0 size\n");

• 			of_node_put(np);
  		continue;
  	}
  	type = iommu_resv_region_get_type(dev, &phys, iova, length);
  

@@ -265,6 +266,7 @@ void of_iommu_get_resv_regions(struct device *dev, struct list_head *list) if (region) list_add_tail(&region->list, list); }

• 	of_node_put(np);
  

  } } #endif