Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues: - [High] Dropping `private->mutex_node` on bind deferral causes Use-After-Free on retry and double-free in remove. -- commit f75632ba90679309b109146f80c6f864e8f03801 Author: WenTao Liang <[email protected]> drm/mediatek: fix of_node leak in mtk_drm_probe loop This commit prevents leaking of_node references in the mtk_drm_probe loop by properly dropping previously stored references before overwriting them for the same index. > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c > b/drivers/gpu/drm/mediatek/mtk_drm_drv.c > index c86a3f54f35bc..58860f7071a9e 100644 > --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c > +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c [ ... ] [Severity: High] This is a pre-existing issue, but while reviewing the lifecycle of private->mutex_node managed in this patch, I noticed a potential problem in mtk_drm_bind() in drivers/gpu/drm/mediatek/mtk_drm_drv.c: pdev = of_find_device_by_node(private->mutex_node); if (!pdev) { dev_err(dev, "Waiting for disp-mutex device %pOF\n", private->mutex_node); of_node_put(private->mutex_node); return -EPROBE_DEFER; } Since private->mutex_node is a persistent reference acquired in mtk_drm_probe(), does dropping it on this -EPROBE_DEFER error path lead to a use-after-free when the component framework retries the bind operation and accesses it again? Furthermore, since mtk_drm_remove() unconditionally cleans up this reference, would this early drop also result in a double-free during teardown? -- Sashiko AI review ยท https://sashiko.dev/#/patchset/[email protected]?part=1
