From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Ma Ke <make24@iscas.ac.cn>,
Ioana Ciornei <ioana.ciornei@nxp.com>,
Simon Horman <horms@kernel.org>, Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 6.12 049/117] bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint()
Date: Wed, 30 Jul 2025 11:35:18 +0200 [thread overview]
Message-ID: <20250730093235.466825562@linuxfoundation.org> (raw)
In-Reply-To: <20250730093233.592541778@linuxfoundation.org>
6.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Ke <make24@iscas.ac.cn>
commit bddbe13d36a02d5097b99cf02354d5752ad1ac60 upstream.
The fsl_mc_get_endpoint() function may call fsl_mc_device_lookup()
twice, which would increment the device's reference count twice if
both lookups find a device. This could lead to a reference count leak.
Found by code review.
Cc: stable@vger.kernel.org
Fixes: 1ac210d128ef ("bus: fsl-mc: add the fsl_mc_get_endpoint function")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Tested-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Fixes: 8567494cebe5 ("bus: fsl-mc: rescan devices if endpoint not found")
Link: https://patch.msgid.link/20250717022309.3339976-1-make24@iscas.ac.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/bus/fsl-mc/fsl-mc-bus.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
--- a/drivers/bus/fsl-mc/fsl-mc-bus.c
+++ b/drivers/bus/fsl-mc/fsl-mc-bus.c
@@ -942,6 +942,7 @@ struct fsl_mc_device *fsl_mc_get_endpoin
struct fsl_mc_obj_desc endpoint_desc = {{ 0 }};
struct dprc_endpoint endpoint1 = {{ 0 }};
struct dprc_endpoint endpoint2 = {{ 0 }};
+ struct fsl_mc_bus *mc_bus;
int state, err;
mc_bus_dev = to_fsl_mc_device(mc_dev->dev.parent);
@@ -965,6 +966,8 @@ struct fsl_mc_device *fsl_mc_get_endpoin
strcpy(endpoint_desc.type, endpoint2.type);
endpoint_desc.id = endpoint2.id;
endpoint = fsl_mc_device_lookup(&endpoint_desc, mc_bus_dev);
+ if (endpoint)
+ return endpoint;
/*
* We know that the device has an endpoint because we verified by
@@ -972,17 +975,13 @@ struct fsl_mc_device *fsl_mc_get_endpoin
* yet discovered by the fsl-mc bus, thus the lookup returned NULL.
* Force a rescan of the devices in this container and retry the lookup.
*/
- if (!endpoint) {
- struct fsl_mc_bus *mc_bus = to_fsl_mc_bus(mc_bus_dev);
-
- if (mutex_trylock(&mc_bus->scan_mutex)) {
- err = dprc_scan_objects(mc_bus_dev, true);
- mutex_unlock(&mc_bus->scan_mutex);
- }
-
- if (err < 0)
- return ERR_PTR(err);
+ mc_bus = to_fsl_mc_bus(mc_bus_dev);
+ if (mutex_trylock(&mc_bus->scan_mutex)) {
+ err = dprc_scan_objects(mc_bus_dev, true);
+ mutex_unlock(&mc_bus->scan_mutex);
}
+ if (err < 0)
+ return ERR_PTR(err);
endpoint = fsl_mc_device_lookup(&endpoint_desc, mc_bus_dev);
/*
next prev parent reply other threads:[~2025-07-30 9:44 UTC|newest]
Thread overview: 130+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-30 9:34 [PATCH 6.12 000/117] 6.12.41-rc1 review Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 001/117] x86/traps: Initialize DR7 by writing its architectural reset value Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 002/117] Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 003/117] virtio_net: Enforce minimum TX ring size for reliability Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 004/117] virtio_ring: Fix error reporting in virtqueue_resize Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 005/117] regulator: core: fix NULL dereference on unbind due to stale coupling data Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 006/117] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 007/117] RDMA/core: Rate limit GID cache warning messages Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 008/117] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 009/117] iio: adc: ad7949: use spi_is_bpw_supported() Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 010/117] regmap: fix potential memory leak of regmap_bus Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 011/117] platform/mellanox: mlxbf-pmc: Remove newline char from event name input Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 012/117] platform/mellanox: mlxbf-pmc: Validate event/enable input Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 013/117] platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 014/117] tools/hv: fcopy: Fix incorrect file path conversion Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 015/117] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 016/117] platform/x86: Fix initialization order for firmware_attributes_class Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 017/117] staging: vchiq_arm: Make vchiq_shutdown never fail Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 018/117] xfrm: state: initialize state_ptrs earlier in xfrm_state_find Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 019/117] xfrm: state: use a consistent pcpu_id " Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 020/117] xfrm: Set transport header to fix UDP GRO handling Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 021/117] xfrm: interface: fix use-after-free after changing collect_md xfrm interface Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 022/117] ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 023/117] net: ti: icssg-prueth: Fix buffer allocation for ICSSG Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 024/117] net/mlx5: Fix memory leak in cmd_exec() Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 025/117] net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 026/117] i40e: report VF tx_dropped with tx_errors instead of tx_discards Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 027/117] i40e: When removing VF MAC filters, only check PF-set MAC Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 028/117] net: appletalk: Fix use-after-free in AARP proxy probe Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 029/117] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Greg Kroah-Hartman
2025-07-30 9:34 ` [PATCH 6.12 030/117] can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 031/117] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 032/117] ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 033/117] selftests: drv-net: wait for iperf client to stop sending Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 034/117] s390/ism: fix concurrency management in ism_cmd() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 035/117] net: hns3: fix concurrent setting vlan filter issue Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 036/117] net: hns3: disable interrupt when ptp init failed Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 037/117] net: hns3: fixed vf get max channels bug Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 038/117] net: hns3: default enable tx bounce buffer when smmu enabled Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 039/117] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 040/117] platform/x86: ideapad-laptop: Fix kbd backlight " Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 041/117] drm/amdgpu: Reset the clear flag in buddy during resume Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 042/117] drm/sched: Remove optimization that causes hang when killing dependent jobs Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 043/117] mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 044/117] ARM: 9450/1: Fix allowing linker DCE with binutils < 2.36 Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 045/117] timekeeping: Zero initialize system_counterval when querying time from phc drivers Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 046/117] i2c: qup: jump out of the loop in case of timeout Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 047/117] i2c: tegra: Fix reset error handling with ACPI Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 048/117] i2c: virtio: Avoid hang by using interruptible completion wait Greg Kroah-Hartman
2025-07-30 9:35 ` Greg Kroah-Hartman [this message]
2025-07-30 9:35 ` [PATCH 6.12 050/117] sprintf.h requires stdarg.h Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 051/117] ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 052/117] ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 053/117] arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 054/117] dpaa2-eth: Fix device reference count leak in MAC endpoint handling Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 055/117] dpaa2-switch: " Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 056/117] e1000e: disregard NVM checksum on tgp when valid checksum bit is not set Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 057/117] e1000e: ignore uninitialized checksum word on tgp Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 058/117] gve: Fix stuck TX queue for DQ queue format Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 059/117] ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 060/117] kasan: use vmalloc_dump_obj() for vmalloc error reports Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 061/117] nilfs2: reject invalid file types when reading inodes Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 062/117] resource: fix false warning in __request_region() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 063/117] selftests: mptcp: connect: also cover alt modes Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 064/117] selftests: mptcp: connect: also cover checksum Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 065/117] mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 066/117] mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 067/117] rust: give Clippy the minimum supported Rust version Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 068/117] selftests/bpf: Add tests with stack ptr register in conditional jmp Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 069/117] usb: typec: tcpm: allow to use sink in accessory mode Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 070/117] usb: typec: tcpm: allow switching to mode accessory to mux properly Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 071/117] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 072/117] spi: cadence-quadspi: fix cleanup of rx_chan on failure paths Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 073/117] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 074/117] jfs: reject on-disk inodes of an unsupported type Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 075/117] comedi: comedi_test: Fix possible deletion of uninitialized timers Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 076/117] crypto: powerpc/poly1305 - add depends on BROKEN for now Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 077/117] mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 078/117] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 079/117] erofs: simplify z_erofs_load_compact_lcluster() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 080/117] erofs: refine z_erofs_get_extent_compressedlen() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 081/117] erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 082/117] erofs: simplify tail inline pcluster handling Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 083/117] erofs: clean up header parsing for ztailpacking and fragments Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 084/117] erofs: fix large fragment handling Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 085/117] ext4: dont explicit update times in ext4_fallocate() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 086/117] ext4: refactor ext4_punch_hole() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 087/117] ext4: refactor ext4_zero_range() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 088/117] ext4: refactor ext4_collapse_range() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 089/117] ext4: refactor ext4_insert_range() Greg Kroah-Hartman
2025-07-30 9:35 ` [PATCH 6.12 090/117] ext4: factor out ext4_do_fallocate() Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 091/117] ext4: move out inode_lock into ext4_fallocate() Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 092/117] ext4: move out common parts " Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 093/117] ext4: fix incorrect punch max_end Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 094/117] ext4: correct the error handle in ext4_fallocate() Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 095/117] ext4: fix out of bounds punch offset Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 096/117] KVM: x86: drop x86.h include from cpuid.h Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 097/117] KVM: x86: Route non-canonical checks in emulator through emulate_ops Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 098/117] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 099/117] KVM: x86: model canonical checks more precisely Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 100/117] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 101/117] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 102/117] arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 103/117] Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 104/117] wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 105/117] iio: hid-sensor-prox: Restore lost scale assignments Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 106/117] iio: hid-sensor-prox: Fix incorrect OFFSET calculation Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 107/117] ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 108/117] Drivers: hv: Make the sysfs node size for the ring buffer dynamic Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 109/117] ALSA: hda/tegra: Add Tegra264 support Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 110/117] ALSA: hda: Add missing NVIDIA HDA codec IDs Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 111/117] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 112/117] Revert "drm/xe/gt: Update handling of xe_force_wake_get return" Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 113/117] Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 114/117] Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 115/117] Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 116/117] KVM: x86: Free vCPUs before freeing VM state Greg Kroah-Hartman
2025-07-30 9:36 ` [PATCH 6.12 117/117] mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma Greg Kroah-Hartman
2025-07-30 13:18 ` [PATCH 6.12 000/117] 6.12.41-rc1 review Pavel Machek
2025-07-30 14:09 ` Jon Hunter
2025-07-30 16:31 ` Mark Brown
2025-07-30 17:18 ` Brett A C Sheffield
2025-07-30 18:46 ` Peter Schneider
2025-07-30 20:53 ` Shuah Khan
2025-07-31 7:10 ` Harshit Mogalapalli
2025-07-31 8:44 ` Ron Economos
2025-07-31 10:30 ` Naresh Kamboju
2025-07-31 14:12 ` Brett Mastbergen
2025-07-31 18:55 ` Miguel Ojeda
2025-08-01 1:29 ` Hardik Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250730093235.466825562@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=horms@kernel.org \
--cc=ioana.ciornei@nxp.com \
--cc=kuba@kernel.org \
--cc=make24@iscas.ac.cn \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox