[PATCH] fpga: region: fix use-after-free in child_regions_with_firmware()

[PATCH] fpga: region: fix use-after-free in child_regions_with_firmware()

[Wentao Liang]

Move of_node_put(child_region) after the error print to avoid accessing
freed memory when pr_err() references child_region.

Fixes: ef3acdd82075 ("fpga: region: move device tree support to of-fpga-region.c")
Cc: stable@vger.kernel.org
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
 drivers/fpga/of-fpga-region.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/fpga/of-fpga-region.c b/drivers/fpga/of-fpga-region.c
index caa091224dc5..9107a5b461d3 100644
--- a/drivers/fpga/of-fpga-region.c
+++ b/drivers/fpga/of-fpga-region.c
@@ -168,11 +168,10 @@ static int child_regions_with_firmware(struct device_node *overlay)
 						     fpga_region_of_match);
 	}
 
-	of_node_put(child_region);
-
 	if (ret)
 		pr_err("firmware-name not allowed in child FPGA region: %pOF",
 		       child_region);
+	of_node_put(child_region);
 
 	return ret;
 }
-- 
2.34.1

Re: [PATCH] fpga: region: fix use-after-free in child_regions_with_firmware()

[Xu Yilun]

On Wed, Apr 08, 2026 at 03:45:34PM +0000, Wentao Liang wrote:
> Move of_node_put(child_region) after the error print to avoid accessing
> freed memory when pr_err() references child_region.
> 
> Fixes: ef3acdd82075 ("fpga: region: move device tree support to of-fpga-region.c")

The Fixes tag should identify the commit that introduced the problem, so
it should be:

  Fixes: 0fa20cdfcc1f ("fpga: fpga-region: device tree control for FPGA")

I fixed it in place.

Reviewed-by: Xu Yilun <yilun.xu@intel.com>

Applied to for-next