[PATCH] staging: most: dim2: fix missing cleanup on interface registration failure

public inbox for linux-staging@lists.linux.dev
 help / color / mirror / Atom feed

* [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure
@ 2025-11-22 18:56 Navaneeth K
  2025-11-25 15:16 ` Abdun Nihaal
  0 siblings, 1 reply; 4+ messages in thread
From: Navaneeth K @ 2025-11-22 18:56 UTC (permalink / raw)
  To: parthiban.veerasooran, christian.gromm, gregkh
  Cc: linux-staging, linux-kernel, Navaneeth K

If most_register_interface() fails, the function returned immediately
without freeing the allocated 'dev' structure or resetting the hardware
state via dim_shutdown().

Add a proper error path that jumps to the existing error handling label
to ensure resources are freed and the hardware is shut down correctly.

Signed-off-by: Navaneeth K <knavaneeth786@gmail.com>
---
 drivers/staging/most/dim2/dim2.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/most/dim2/dim2.c b/drivers/staging/most/dim2/dim2.c
index dad2abe6c0c9..ddf86d794448 100644
--- a/drivers/staging/most/dim2/dim2.c
+++ b/drivers/staging/most/dim2/dim2.c
@@ -889,7 +889,11 @@ static int dim2_probe(struct platform_device *pdev)
 	dev->dev.parent = &pdev->dev;
 	dev->dev.release = dim2_release;
 
-	return most_register_interface(&dev->most_iface);
+	ret = most_register_interface(&dev->most_iface);
+	if (ret)
+		goto err_shutdown_dim;
+
+	return 0;
 
 err_shutdown_dim:
 	dim_shutdown();
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure
  2025-11-22 18:56 [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure Navaneeth K
@ 2025-11-25 15:16 ` Abdun Nihaal
  2025-11-25 16:06   ` Navaneeth K
  0 siblings, 1 reply; 4+ messages in thread
From: Abdun Nihaal @ 2025-11-25 15:16 UTC (permalink / raw)
  To: Navaneeth K
  Cc: parthiban.veerasooran, christian.gromm, gregkh, linux-staging,
	linux-kernel

nack.

On Sat, Nov 22, 2025 at 06:56:56PM +0000, Navaneeth K wrote:
> If most_register_interface() fails, the function returned immediately
> without freeing the allocated 'dev' structure or resetting the hardware
> state via dim_shutdown().

Based on the commit message of the following commit,
most_register_interface() is expected to free the passed interface using
device release both on success and error.
commit baadf2a5c26e ("most: usb: fix double free on late probe failure")
https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/

>  	dev->dev.release = dim2_release;
>  
> -	return most_register_interface(&dev->most_iface);
> +	ret = most_register_interface(&dev->most_iface);
> +	if (ret)
> +		goto err_shutdown_dim;
> +
> +	return 0;

Commit d445aa402d60 ("staging: most: dim2: use device release method")
converted this code to use device release, where the function stored in
dev.release (dim2_release() here) will be called to free the device
when put_device() or device_unregister() is called on the device.

dim2_release() does free and shut down the hardware correctly, so doing
it again in the error path would lead to a double free.

However, I do see that in most_register_interface() function, the first
few error paths (before the device_register() call) are not calling
put_device() to free the interface device, which is inconsistent with
the later error paths in that function.

Leave this code as it is, and fix the most_register_interface()
to consistently release the device on error, by calling put_device()
on those early error paths.

Also, when sending bug fixes, add a Fixes tag.

Regards,
Nihaal

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure
  2025-11-25 15:16 ` Abdun Nihaal
@ 2025-11-25 16:06   ` Navaneeth K
  2025-11-26 11:32     ` Greg KH
  0 siblings, 1 reply; 4+ messages in thread
From: Navaneeth K @ 2025-11-25 16:06 UTC (permalink / raw)
  To: Abdun Nihaal
  Cc: parthiban.veerasooran, christian.gromm, gregkh, linux-staging,
	linux-kernel

Hi Nihaal,
Thank you for the detailed explanation.
That makes perfect sense. I wasn’t aware that most_register_interface()
is intended to handle cleanup via the dev.release path even on failure.
I will analyze most_register_interface() and prepare a follow-up patch
to address the inconsistency in the early error paths where put_device()
is missing, as you suggested.

Greg, since this version of the patch would introduce a double-free,
could you please drop it from staging-testing?

Regards,
Navaneeth

On 25-11-2025 20:46, Abdun Nihaal wrote:
> nack.
>
> On Sat, Nov 22, 2025 at 06:56:56PM +0000, Navaneeth K wrote:
>> If most_register_interface() fails, the function returned immediately
>> without freeing the allocated 'dev' structure or resetting the hardware
>> state via dim_shutdown().
> Based on the commit message of the following commit,
> most_register_interface() is expected to free the passed interface using
> device release both on success and error.
> commit baadf2a5c26e ("most: usb: fix double free on late probe failure")
> https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/
>
>>   	dev->dev.release = dim2_release;
>>   
>> -	return most_register_interface(&dev->most_iface);
>> +	ret = most_register_interface(&dev->most_iface);
>> +	if (ret)
>> +		goto err_shutdown_dim;
>> +
>> +	return 0;
> Commit d445aa402d60 ("staging: most: dim2: use device release method")
> converted this code to use device release, where the function stored in
> dev.release (dim2_release() here) will be called to free the device
> when put_device() or device_unregister() is called on the device.
>
> dim2_release() does free and shut down the hardware correctly, so doing
> it again in the error path would lead to a double free.
>
> However, I do see that in most_register_interface() function, the first
> few error paths (before the device_register() call) are not calling
> put_device() to free the interface device, which is inconsistent with
> the later error paths in that function.
>
> Leave this code as it is, and fix the most_register_interface()
> to consistently release the device on error, by calling put_device()
> on those early error paths.
>
> Also, when sending bug fixes, add a Fixes tag.
>
> Regards,
> Nihaal

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure
  2025-11-25 16:06   ` Navaneeth K
@ 2025-11-26 11:32     ` Greg KH
  0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2025-11-26 11:32 UTC (permalink / raw)
  To: Navaneeth K
  Cc: Abdun Nihaal, parthiban.veerasooran, christian.gromm,
	linux-staging, linux-kernel

On Tue, Nov 25, 2025 at 09:36:16PM +0530, Navaneeth K wrote:
> Hi Nihaal,
> Thank you for the detailed explanation.
> That makes perfect sense. I wasn’t aware that most_register_interface()
> is intended to handle cleanup via the dev.release path even on failure.
> I will analyze most_register_interface() and prepare a follow-up patch
> to address the inconsistency in the early error paths where put_device()
> is missing, as you suggested.
> 
> Greg, since this version of the patch would introduce a double-free,
> could you please drop it from staging-testing?

Ok, will go drop it now, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-11-26 11:32 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-22 18:56 [PATCH] staging: most: dim2: fix missing cleanup on interface registration failure Navaneeth K
2025-11-25 15:16 ` Abdun Nihaal
2025-11-25 16:06   ` Navaneeth K
2025-11-26 11:32     ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox