[PATCH] serial: 8250_accent: fix reference leak on failed device registration

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] serial: 8250_accent: fix reference leak on failed device registration
@ 2026-04-15 18:34 Guangshuo Li
  2026-04-16  6:13 ` Jiri Slaby
  0 siblings, 1 reply; 5+ messages in thread
From: Guangshuo Li @ 2026-04-15 18:34 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Jiri Slaby, Guangshuo Li, Russell King,
	linux-kernel, linux-serial
  Cc: stable

When platform_device_register() fails in accent_init(), the embedded
struct device in accent_device has already been initialized by
device_initialize(), but the failure path returns the error without
dropping the device reference for the current platform device:

  accent_init()
    -> platform_device_register(&accent_device)
       -> device_initialize(&accent_device.dev)
       -> setup_pdev_dma_masks(&accent_device)
       -> platform_device_add(&accent_device)

This leads to a reference leak when platform_device_register() fails.
Fix this by calling platform_device_put() before returning the error.

The issue was identified by a static analysis tool I developed and
confirmed by manual review.

Fixes: ec9f47cd6a14c ("[PATCH] Serial: Split 8250 port table")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/tty/serial/8250/8250_accent.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/8250/8250_accent.c b/drivers/tty/serial/8250/8250_accent.c
index 1691f1a57f89..e9cf40268c0e 100644
--- a/drivers/tty/serial/8250/8250_accent.c
+++ b/drivers/tty/serial/8250/8250_accent.c
@@ -25,7 +25,13 @@ static struct platform_device accent_device = {
 
 static int __init accent_init(void)
 {
-	return platform_device_register(&accent_device);
+	int ret;
+
+	ret = platform_device_register(&accent_device);
+	if (ret)
+		platform_device_put(&accent_device);
+
+	return ret;
 }
 
 module_init(accent_init);
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
  2026-04-15 18:34 [PATCH] serial: 8250_accent: fix reference leak on failed device registration Guangshuo Li
@ 2026-04-16  6:13 ` Jiri Slaby
  2026-04-16  9:37   ` Guangshuo Li
  0 siblings, 1 reply; 5+ messages in thread
From: Jiri Slaby @ 2026-04-16  6:13 UTC (permalink / raw)
  To: Guangshuo Li, Greg Kroah-Hartman, Russell King, linux-kernel,
	linux-serial
  Cc: stable

Hi,

On 15. 04. 26, 20:34, Guangshuo Li wrote:
> When platform_device_register() fails in accent_init(), the embedded
> struct device in accent_device has already been initialized by
> device_initialize(), but the failure path returns the error without
> dropping the device reference for the current platform device:
> 
>    accent_init()
>      -> platform_device_register(&accent_device)
>         -> device_initialize(&accent_device.dev)
>         -> setup_pdev_dma_masks(&accent_device)
>         -> platform_device_add(&accent_device)
> 
> This leads to a reference leak when platform_device_register() fails.

What reference exactly?

> Fix this by calling platform_device_put() before returning the error.
> 
> The issue was identified by a static analysis tool I developed and
> confirmed by manual review.

How did you verify you did the right change?

> Fixes: ec9f47cd6a14c ("[PATCH] Serial: Split 8250 port table")
> Cc: stable@vger.kernel.org
> Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
> ---
>   drivers/tty/serial/8250/8250_accent.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tty/serial/8250/8250_accent.c b/drivers/tty/serial/8250/8250_accent.c
> index 1691f1a57f89..e9cf40268c0e 100644
> --- a/drivers/tty/serial/8250/8250_accent.c
> +++ b/drivers/tty/serial/8250/8250_accent.c
> @@ -25,7 +25,13 @@ static struct platform_device accent_device = {
>   
>   static int __init accent_init(void)
>   {
> -	return platform_device_register(&accent_device);
> +	int ret;
> +
> +	ret = platform_device_register(&accent_device);
> +	if (ret)
> +		platform_device_put(&accent_device);

In particular, what does put_device() do on a static device, even 
initialized, ie. with no device::release? Try it...

IMO, all the patches are bogus.

thanks,
-- 
js
suse labs

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
  2026-04-16  6:13 ` Jiri Slaby
@ 2026-04-16  9:37   ` Guangshuo Li
  2026-04-16 10:23     ` Guangshuo Li
  0 siblings, 1 reply; 5+ messages in thread
From: Guangshuo Li @ 2026-04-16  9:37 UTC (permalink / raw)
  To: Jiri Slaby
  Cc: Greg Kroah-Hartman, Russell King, linux-kernel, linux-serial,
	stable

Hi Jiri,

Thanks for the review.

On Thu, 16 Apr 2026 at 14:14, Jiri Slaby <jirislaby@kernel.org> wrote:
>
> Hi,
>
>
> What reference exactly?
I was referring to the device reference initialized by
device_initialize() inside
platform_device_register(). My reasoning was that when
platform_device_add() fails, platform_device_register() returns the
error directly and does not drop that reference on the failure path.

>
> How did you verify you did the right change?

After my tool reported this case, I manually audited the relevant
source code and
checked the related core API definitions. However, I did miss the
special handling needed for a static device in this case.

> In particular, what does put_device() do on a static device, even
> initialized, ie. with no device::release? Try it...

Sorry, I should have considered and verified that
more carefully before sending the patch.

Thanks,
Guangshuo

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
  2026-04-16  9:37   ` Guangshuo Li
@ 2026-04-16 10:23     ` Guangshuo Li
  2026-04-16 10:43       ` Jiri Slaby
  0 siblings, 1 reply; 5+ messages in thread
From: Guangshuo Li @ 2026-04-16 10:23 UTC (permalink / raw)
  To: Jiri Slaby
  Cc: Greg Kroah-Hartman, Russell King, linux-kernel, linux-serial,
	stable

Hi Jiri,

Thanks.

On Thu, 16 Apr 2026 at 17:37, Guangshuo Li <lgs201920130244@gmail.com> wrote:
>
> Hi Jiri,
>
> Thanks for the review.
>
> On Thu, 16 Apr 2026 at 14:14, Jiri Slaby <jirislaby@kernel.org> wrote:
> >
> > Hi,
> >
> >
> > What reference exactly?
> I was referring to the device reference initialized by
> device_initialize() inside
> platform_device_register(). My reasoning was that when
> platform_device_add() fails, platform_device_register() returns the
> error directly and does not drop that reference on the failure path.
>
> >
> > How did you verify you did the right change?
>
> After my tool reported this case, I manually audited the relevant
> source code and
> checked the related core API definitions. However, I did miss the
> special handling needed for a static device in this case.
>
> > In particular, what does put_device() do on a static device, even
> > initialized, ie. with no device::release? Try it...
>
> Sorry, I should have considered and verified that
> more carefully before sending the patch.
>
> Thanks,
> Guangshuo

We are also discussing in another similar patch whether the
better fix, if any, should be in the API/core code rather than in
individual callers:

https://patchew.org/linux/20260415174159.3625777-1-lgs201920130244@gmail.com/

Thanks,
Guangshuo

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
  2026-04-16 10:23     ` Guangshuo Li
@ 2026-04-16 10:43       ` Jiri Slaby
  0 siblings, 0 replies; 5+ messages in thread
From: Jiri Slaby @ 2026-04-16 10:43 UTC (permalink / raw)
  To: Guangshuo Li
  Cc: Greg Kroah-Hartman, Russell King, linux-kernel, linux-serial,
	stable

On 16. 04. 26, 12:23, Guangshuo Li wrote:
> We are also discussing in another similar patch whether the
> better fix, if any, should be in the API/core code rather than in
> individual callers:
> 
> https://patchew.org/linux/20260415174159.3625777-1-lgs201920130244@gmail.com/

Agreed, if anything needs a fix, it's platform_device_register() or the 
functions underneath...

thanks,
-- 
js
suse labs

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-04-16 10:43 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-15 18:34 [PATCH] serial: 8250_accent: fix reference leak on failed device registration Guangshuo Li
2026-04-16  6:13 ` Jiri Slaby
2026-04-16  9:37   ` Guangshuo Li
2026-04-16 10:23     ` Guangshuo Li
2026-04-16 10:43       ` Jiri Slaby

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox