* [PATCH] media: lirc: Fix error handling in lirc_register()
@ 2025-01-05 10:01 Ma Ke
2025-01-06 10:56 ` Sean Young
0 siblings, 1 reply; 4+ messages in thread
From: Ma Ke @ 2025-01-05 10:01 UTC (permalink / raw)
To: sean, mchehab; +Cc: linux-media, linux-kernel, Ma Ke, stable
When cdev_device_add() failed, calling put_device() to explicitly
release dev->lirc_dev. Otherwise, it could cause the fault of the
reference count.
Found by code review.
Cc: stable@vger.kernel.org
Fixes: a6ddd4fecbb0 ("media: lirc: remove last remnants of lirc kapi")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
drivers/media/rc/lirc_dev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c
index a2257dc2f25d..ed839e15fa16 100644
--- a/drivers/media/rc/lirc_dev.c
+++ b/drivers/media/rc/lirc_dev.c
@@ -765,6 +765,7 @@ int lirc_register(struct rc_dev *dev)
return 0;
out_ida:
+ put_device(&dev->lirc_dev);
ida_free(&lirc_ida, minor);
return err;
}
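Review bot: The put_device() added directly under out_ida runs for every goto out_ida in lirc_register(), but the commit message only covers the cdev_device_add() failure. If any earlier failure jumps to this label before dev->lirc_dev has been initialised, the put operates on a device that was never set up; a separate label for the cdev_device_add() failure that falls through to out_ida would keep the two cases apart. The changelog should also say what "the fault of the reference count" means in practice (which object is leaked), since the patch is Cc'd to stable.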
--
2.25.1
* Re: [PATCH] media: lirc: Fix error handling in lirc_register()
From: Sean Young @ 2025-01-06 10:56 UTC (permalink / raw)
To: Ma Ke; +Cc: mchehab, linux-media, linux-kernel, stable
Hi,
On Sun, Jan 05, 2025 at 06:01:01PM +0800, Ma Ke wrote:
> When cdev_device_add() failed, calling put_device() to explicitly
> release dev->lirc_dev. Otherwise, it could cause the fault of the
> reference count.
>
> Found by code review.
Interesting find, thanks for finding and reporting.
So I think the idea is right, but there is a problem. lirc_release_device()
will do a put_device() on the rcdev, but no corresponding get_device() is
done in this code path.
Sean
>
> Cc: stable@vger.kernel.org
> Fixes: a6ddd4fecbb0 ("media: lirc: remove last remnants of lirc kapi")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> drivers/media/rc/lirc_dev.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c
> index a2257dc2f25d..ed839e15fa16 100644
> --- a/drivers/media/rc/lirc_dev.c
> +++ b/drivers/media/rc/lirc_dev.c
> @@ -765,6 +765,7 @@ int lirc_register(struct rc_dev *dev)
> return 0;
>
> out_ida:
> + put_device(&dev->lirc_dev);
> ida_free(&lirc_ida, minor);
> return err;
> }
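Review bot: The put_device(&dev->lirc_dev) at out_ida can drop the last reference on lirc_dev and so run its release callback on this error path, and the hunk shows no get_device() on the rc device to pair with the put_device() that lirc_release_device() is said to perform. The patch needs to either take that reference before the failure point or explain in the changelog why the release's put is already balanced here.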
> --
> 2.25.1
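A user-space C model of the imbalance described in the reply above, added here as an example; it is not code from lirc_dev.c or from either author. The names obj, obj_get, obj_put and failed_register are hypothetical, and the model assumes only what the thread states: releasing the lirc device puts the rc device.

```c
#include <stdio.h>

/* User-space stand-in for a refcounted struct device (constructed model). */
struct obj {
    int refs;
    int released;
    struct obj *parent;   /* reference dropped when this object is released */
};

static void obj_init(struct obj *o, struct obj *parent)
{
    o->refs = 1;          /* a freshly initialised object holds one reference */
    o->released = 0;
    o->parent = parent;
}

static void obj_get(struct obj *o) { o->refs++; }

static void obj_put(struct obj *o)
{
    if (--o->refs != 0)
        return;
    o->released = 1;          /* stands in for the release callback running */
    if (o->parent)
        obj_put(o->parent);   /* the child's release puts the parent */
}

/* Simulated failed registration. Returns the parent's refcount afterwards;
 * the caller still owns one reference, so anything below 1 is a premature
 * release. *child_released reports whether the child's release ran. */
static int failed_register(int put_child, int hold_parent, int *child_released)
{
    struct obj parent, child;

    obj_init(&parent, NULL);      /* the caller's own reference */
    obj_init(&child, &parent);
    if (hold_parent)
        obj_get(&parent);         /* the get that pairs with the release's put */
    if (put_child)
        obj_put(&child);          /* error path drops the child */
    *child_released = child.released;
    return parent.refs;
}

int main(void)
{
    int rel, refs = failed_register(1, 0, &rel);
    printf("put without get: parent refs=%d, child released=%d\n", refs, rel);
    return 0;
}
```

With no put the child is never released, with a put and no get the parent's count reaches zero while the caller still holds it, and with both the counts balance.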
* Re: [PATCH] media: lirc: Fix error handling in lirc_register()
From: Ma Ke @ 2025-01-07 1:51 UTC (permalink / raw)
To: sean; +Cc: linux-kernel, linux-media, make24, mchehab, stable
Sean Young<sean@mess.org> wrote:
> Hi,
>
> On Sun, Jan 05, 2025 at 06:01:01PM +0800, Ma Ke wrote:
> > When cdev_device_add() failed, calling put_device() to explicitly
> > release dev->lirc_dev. Otherwise, it could cause the fault of the
> > reference count.
> >
> > Found by code review.
>
> Interesting find, thanks for finding and reporting.
>
> So I think the idea is right, but there is a problem. lirc_release_device()
> will do a put_device() on the rcdev, but no corresponding get_device() is
> done in this code path.
>
>
> Sean
Thank you for your reply and suggestions. Following your instructions,
I took a close look at the code. Perhaps you meant to suggest removing
the put_device() call from lirc_release_device(), effectively making
lirc_release_device() an empty function?
Looking forward to your reply.
--
Regards,
Ma Ke
* Re: [PATCH] media: lirc: Fix error handling in lirc_register()
From: Sean Young @ 2025-01-07 10:38 UTC (permalink / raw)
To: Ma Ke; +Cc: linux-kernel, linux-media, mchehab, stable
On Tue, Jan 07, 2025 at 09:51:43AM +0800, Ma Ke wrote:
> Sean Young<sean@mess.org> wrote:
> > Hi,
> >
> > On Sun, Jan 05, 2025 at 06:01:01PM +0800, Ma Ke wrote:
> > > When cdev_device_add() failed, calling put_device() to explicitly
> > > release dev->lirc_dev. Otherwise, it could cause the fault of the
> > > reference count.
> > >
> > > Found by code review.
> >
> > Interesting find, thanks for finding and reporting.
> >
> > So I think the idea is right, but there is a problem. lirc_release_device()
> > will do a put_device() on the rcdev, but no corresponding get_device() is
> > done in this code path.
> >
> >
> > Sean
> Thank you for your reply and suggestions. Following your instructions,
> I took a close look at the code. Perhaps you meant to suggest removing
> the put_device() call from lirc_release_device(), effectively making
> lirc_release_device() an empty function?
That would introduce a memory leak and presumably the rc device would never
be cleaned up, so no I don't think that would work.
I'm not sure what the right solution is yet.
Sean