* [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
@ 2025-12-14 13:17 Ma Ke
2025-12-14 13:54 ` David Laight
2025-12-15 11:28 ` Krzysztof Kozlowski
0 siblings, 2 replies; 7+ messages in thread
From: Ma Ke @ 2025-12-14 13:17 UTC (permalink / raw)
To: krzk, davem, edumazet, kuba, pabeni, horms, aloisio.almeida,
lauro.venancio, sameo, linville, johannes
Cc: netdev, linux-kernel, akpm, Ma Ke, stable
nfc_genl_dump_targets() increments the device reference count via
nfc_get_device() but fails to decrement it properly. nfc_get_device()
calls class_find_device() which internally calls get_device() to
increment the reference count. No corresponding put_device() is made
to decrement the reference count.
Add proper reference count decrementing using nfc_put_device() when
the dump operation completes or encounters an error, ensuring balanced
reference counting.
Found by code review.
Cc: stable@vger.kernel.org
Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
net/nfc/netlink.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index a18e2c503da6..9ae138ee91dd 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
cb->args[0] = i;
+ if (rc < 0 || i >= dev->n_targets) {
+ nfc_put_device(dev);
+ cb->args[1] = 0;
+ }
+
return skb->len;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
2025-12-14 13:17 [PATCH] NFC: Fix error handling in nfc_genl_dump_targets Ma Ke
@ 2025-12-14 13:54 ` David Laight
2025-12-15 8:39 ` Johannes Berg
2025-12-15 11:28 ` Krzysztof Kozlowski
1 sibling, 1 reply; 7+ messages in thread
From: David Laight @ 2025-12-14 13:54 UTC (permalink / raw)
To: Ma Ke
Cc: krzk, davem, edumazet, kuba, pabeni, horms, aloisio.almeida,
lauro.venancio, sameo, linville, johannes, netdev, linux-kernel,
akpm, stable
On Sun, 14 Dec 2025 21:17:26 +0800
Ma Ke <make24@iscas.ac.cn> wrote:
> nfc_genl_dump_targets() increments the device reference count via
> nfc_get_device() but fails to decrement it properly. nfc_get_device()
> calls class_find_device() which internally calls get_device() to
> increment the reference count. No corresponding put_device() is made
> to decrement the reference count.
>
> Add proper reference count decrementing using nfc_put_device() when
> the dump operation completes or encounters an error, ensuring balanced
> reference counting.
>
> Found by code review.
Is that some half-hearted AI code review?
Isn't the 'put' done by nfc_genl_dump_targets_done() which it looks
like the outer code calls sometime later on.
David
>
> Cc: stable@vger.kernel.org
> Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> net/nfc/netlink.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
> index a18e2c503da6..9ae138ee91dd 100644
> --- a/net/nfc/netlink.c
> +++ b/net/nfc/netlink.c
> @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
>
> cb->args[0] = i;
>
> + if (rc < 0 || i >= dev->n_targets) {
> + nfc_put_device(dev);
> + cb->args[1] = 0;
> + }
> +
> return skb->len;
> }
>
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
2025-12-14 13:54 ` David Laight
@ 2025-12-15 8:39 ` Johannes Berg
0 siblings, 0 replies; 7+ messages in thread
From: Johannes Berg @ 2025-12-15 8:39 UTC (permalink / raw)
To: David Laight, Ma Ke
Cc: krzk, davem, edumazet, kuba, pabeni, horms, aloisio.almeida,
lauro.venancio, sameo, linville, netdev, linux-kernel, akpm,
stable
On Sun, 2025-12-14 at 13:54 +0000, David Laight wrote:
> On Sun, 14 Dec 2025 21:17:26 +0800
> Ma Ke <make24@iscas.ac.cn> wrote:
>
> > nfc_genl_dump_targets() increments the device reference count via
> > nfc_get_device() but fails to decrement it properly. nfc_get_device()
> > calls class_find_device() which internally calls get_device() to
> > increment the reference count. No corresponding put_device() is made
> > to decrement the reference count.
> >
> > Add proper reference count decrementing using nfc_put_device() when
> > the dump operation completes or encounters an error, ensuring balanced
> > reference counting.
> >
> > Found by code review.
>
> Is that some half-hearted AI code review?
Probably. They also resubmitted the same patch after being told 3 weeks
ago to go away.
johannes
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
2025-12-14 13:17 [PATCH] NFC: Fix error handling in nfc_genl_dump_targets Ma Ke
2025-12-14 13:54 ` David Laight
@ 2025-12-15 11:28 ` Krzysztof Kozlowski
1 sibling, 0 replies; 7+ messages in thread
From: Krzysztof Kozlowski @ 2025-12-15 11:28 UTC (permalink / raw)
To: Ma Ke, davem, edumazet, kuba, pabeni, horms, aloisio.almeida,
lauro.venancio, sameo, linville, johannes
Cc: netdev, linux-kernel, akpm, stable
On 14/12/2025 14:17, Ma Ke wrote:
> nfc_genl_dump_targets() increments the device reference count via
> nfc_get_device() but fails to decrement it properly. nfc_get_device()
> calls class_find_device() which internally calls get_device() to
> increment the reference count. No corresponding put_device() is made
> to decrement the reference count.
>
> Add proper reference count decrementing using nfc_put_device() when
> the dump operation completes or encounters an error, ensuring balanced
> reference counting.
>
> Found by code review.
NAK, you completely ignore reviewers and send the same. That's not
acceptable.
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
@ 2025-11-21 2:27 Ma Ke
2025-11-24 8:24 ` Krzysztof Kozlowski
0 siblings, 1 reply; 7+ messages in thread
From: Ma Ke @ 2025-11-21 2:27 UTC (permalink / raw)
To: krzk, davem, edumazet, kuba, pabeni, horms, linville,
aloisio.almeida, johannes, lauro.venancio, sameo
Cc: netdev, linux-kernel, akpm, Ma Ke, stable
nfc_genl_dump_targets() increments the device reference count via
nfc_get_device() but fails to decrement it properly. nfc_get_device()
calls class_find_device() which internally calls get_device() to
increment the reference count. No corresponding put_device() is made
to decrement the reference count.
Add proper reference count decrementing using nfc_put_device() when
the dump operation completes or encounters an error, ensuring balanced
reference counting.
Found by code review.
Cc: stable@vger.kernel.org
Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
net/nfc/netlink.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index a18e2c503da6..9ae138ee91dd 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
cb->args[0] = i;
+ if (rc < 0 || i >= dev->n_targets) {
+ nfc_put_device(dev);
+ cb->args[1] = 0;
+ }
+
return skb->len;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
2025-11-21 2:27 Ma Ke
@ 2025-11-24 8:24 ` Krzysztof Kozlowski
2025-11-24 8:30 ` Krzysztof Kozlowski
0 siblings, 1 reply; 7+ messages in thread
From: Krzysztof Kozlowski @ 2025-11-24 8:24 UTC (permalink / raw)
To: Ma Ke, davem, edumazet, kuba, pabeni, horms, linville,
aloisio.almeida, johannes, lauro.venancio, sameo
Cc: netdev, linux-kernel, akpm, stable
On 21/11/2025 03:27, Ma Ke wrote:
> nfc_genl_dump_targets() increments the device reference count via
Only in some cases, but you drop it unconditionally.
> nfc_get_device() but fails to decrement it properly. nfc_get_device()
> calls class_find_device() which internally calls get_device() to
> increment the reference count. No corresponding put_device() is made
> to decrement the reference count.
>
> Add proper reference count decrementing using nfc_put_device() when
> the dump operation completes or encounters an error, ensuring balanced
> reference counting.
>
> Found by code review.
Drop, there is no point nor need to say that humans did the work. This
actually rather suggests you used LLM and disguise your finding as "code
review".
No, LLM is not code review.
>
> Cc: stable@vger.kernel.org
> Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> net/nfc/netlink.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
> index a18e2c503da6..9ae138ee91dd 100644
> --- a/net/nfc/netlink.c
> +++ b/net/nfc/netlink.c
> @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
>
> cb->args[0] = i;
>
> + if (rc < 0 || i >= dev->n_targets) {
> + nfc_put_device(dev);
> + cb->args[1] = 0;
Did you test it?
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
2025-11-24 8:24 ` Krzysztof Kozlowski
@ 2025-11-24 8:30 ` Krzysztof Kozlowski
0 siblings, 0 replies; 7+ messages in thread
From: Krzysztof Kozlowski @ 2025-11-24 8:30 UTC (permalink / raw)
To: Ma Ke, davem, edumazet, kuba, pabeni, horms, linville,
aloisio.almeida, johannes, lauro.venancio, sameo
Cc: netdev, linux-kernel, akpm, stable
On 24/11/2025 09:24, Krzysztof Kozlowski wrote:
> On 21/11/2025 03:27, Ma Ke wrote:
>> nfc_genl_dump_targets() increments the device reference count via
>
> Only in some cases, but you drop it unconditionally.
>
>> nfc_get_device() but fails to decrement it properly. nfc_get_device()
>> calls class_find_device() which internally calls get_device() to
>> increment the reference count. No corresponding put_device() is made
>> to decrement the reference count.
>>
>> Add proper reference count decrementing using nfc_put_device() when
>> the dump operation completes or encounters an error, ensuring balanced
>> reference counting.
>>
>> Found by code review.
>
> Drop, there is no point nor need to say that humans did the work. This
> actually rather suggests you used LLM and disguise your finding as "code
> review".
>
> No, LLM is not code review.
Looks like LLM.
>
>>
>> Cc: stable@vger.kernel.org
>> Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
>> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
>> ---
>> net/nfc/netlink.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
>> index a18e2c503da6..9ae138ee91dd 100644
>> --- a/net/nfc/netlink.c
>> +++ b/net/nfc/netlink.c
>> @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
>>
>> cb->args[0] = i;
>>
>> + if (rc < 0 || i >= dev->n_targets) {
>> + nfc_put_device(dev);
>> + cb->args[1] = 0;
>
> Did you test it?
I am pretty sure this is double put and thus bug. There is put in done().
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2025-12-15 11:28 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-14 13:17 [PATCH] NFC: Fix error handling in nfc_genl_dump_targets Ma Ke
2025-12-14 13:54 ` David Laight
2025-12-15 8:39 ` Johannes Berg
2025-12-15 11:28 ` Krzysztof Kozlowski
-- strict thread matches above, loose matches on Subject: below --
2025-11-21 2:27 Ma Ke
2025-11-24 8:24 ` Krzysztof Kozlowski
2025-11-24 8:30 ` Krzysztof Kozlowski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox