[PATCH] staging: most: dim2: fix missing cleanup on interface registration failure

[PATCH] staging: most: dim2: fix missing cleanup on interface registration failure

[Navaneeth K]

If most_register_interface() fails, the function returned immediately
without freeing the allocated 'dev' structure or resetting the hardware
state via dim_shutdown().

Add a proper error path that jumps to the existing error handling label
to ensure resources are freed and the hardware is shut down correctly.

Signed-off-by: Navaneeth K <knavaneeth786@gmail.com>
---
 drivers/staging/most/dim2/dim2.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/most/dim2/dim2.c b/drivers/staging/most/dim2/dim2.c
index dad2abe6c0c9..ddf86d794448 100644
--- a/drivers/staging/most/dim2/dim2.c
+++ b/drivers/staging/most/dim2/dim2.c
@@ -889,7 +889,11 @@ static int dim2_probe(struct platform_device *pdev)
 	dev->dev.parent = &pdev->dev;
 	dev->dev.release = dim2_release;
 
-	return most_register_interface(&dev->most_iface);
+	ret = most_register_interface(&dev->most_iface);
+	if (ret)
+		goto err_shutdown_dim;
+
+	return 0;
 
 err_shutdown_dim:
 	dim_shutdown();
-- 
2.43.0

Re: [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure

[Abdun Nihaal]

nack.

On Sat, Nov 22, 2025 at 06:56:56PM +0000, Navaneeth K wrote:
> If most_register_interface() fails, the function returned immediately
> without freeing the allocated 'dev' structure or resetting the hardware
> state via dim_shutdown().

Based on the commit message of the following commit,
most_register_interface() is expected to free the passed interface using
device release both on success and error.
commit baadf2a5c26e ("most: usb: fix double free on late probe failure")
https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/

>  	dev->dev.release = dim2_release;
>  
> -	return most_register_interface(&dev->most_iface);
> +	ret = most_register_interface(&dev->most_iface);
> +	if (ret)
> +		goto err_shutdown_dim;
> +
> +	return 0;

Commit d445aa402d60 ("staging: most: dim2: use device release method")
converted this code to use device release, where the function stored in
dev.release (dim2_release() here) will be called to free the device
when put_device() or device_unregister() is called on the device.

dim2_release() does free and shut down the hardware correctly, so doing
it again in the error path would lead to a double free.

However, I do see that in most_register_interface() function, the first
few error paths (before the device_register() call) are not calling
put_device() to free the interface device, which is inconsistent with
the later error paths in that function.

Leave this code as it is, and fix the most_register_interface()
to consistently release the device on error, by calling put_device()
on those early error paths.

Also, when sending bug fixes, add a Fixes tag.

Regards,
Nihaal

Re: [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure

[Navaneeth K]

Hi Nihaal,
Thank you for the detailed explanation.
That makes perfect sense. I wasn’t aware that most_register_interface()
is intended to handle cleanup via the dev.release path even on failure.
I will analyze most_register_interface() and prepare a follow-up patch
to address the inconsistency in the early error paths where put_device()
is missing, as you suggested.

Greg, since this version of the patch would introduce a double-free,
could you please drop it from staging-testing?

Regards,
Navaneeth

On 25-11-2025 20:46, Abdun Nihaal wrote:
> nack.
>
> On Sat, Nov 22, 2025 at 06:56:56PM +0000, Navaneeth K wrote:
>> If most_register_interface() fails, the function returned immediately
>> without freeing the allocated 'dev' structure or resetting the hardware
>> state via dim_shutdown().
> Based on the commit message of the following commit,
> most_register_interface() is expected to free the passed interface using
> device release both on success and error.
> commit baadf2a5c26e ("most: usb: fix double free on late probe failure")
> https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/
>
>>   	dev->dev.release = dim2_release;
>>   
>> -	return most_register_interface(&dev->most_iface);
>> +	ret = most_register_interface(&dev->most_iface);
>> +	if (ret)
>> +		goto err_shutdown_dim;
>> +
>> +	return 0;
> Commit d445aa402d60 ("staging: most: dim2: use device release method")
> converted this code to use device release, where the function stored in
> dev.release (dim2_release() here) will be called to free the device
> when put_device() or device_unregister() is called on the device.
>
> dim2_release() does free and shut down the hardware correctly, so doing
> it again in the error path would lead to a double free.
>
> However, I do see that in most_register_interface() function, the first
> few error paths (before the device_register() call) are not calling
> put_device() to free the interface device, which is inconsistent with
> the later error paths in that function.
>
> Leave this code as it is, and fix the most_register_interface()
> to consistently release the device on error, by calling put_device()
> on those early error paths.
>
> Also, when sending bug fixes, add a Fixes tag.
>
> Regards,
> Nihaal

Re: [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure

[Greg KH]

On Tue, Nov 25, 2025 at 09:36:16PM +0530, Navaneeth K wrote:
> Hi Nihaal,
> Thank you for the detailed explanation.
> That makes perfect sense. I wasn’t aware that most_register_interface()
> is intended to handle cleanup via the dev.release path even on failure.
> I will analyze most_register_interface() and prepare a follow-up patch
> to address the inconsistency in the early error paths where put_device()
> is missing, as you suggested.
> 
> Greg, since this version of the patch would introduce a double-free,
> could you please drop it from staging-testing?

Ok, will go drop it now, thanks.

greg k-h