1. Patchew
  2. linux
  3. View series

[PATCH] virtio: fix reference leak in register_virtio_device()

Ma Ke posted 1 patch 1 year ago
There is a newer version of this series
drivers/virtio/virtio.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] virtio: fix reference leak in register_virtio_device()
Posted by Ma Ke 1 year ago 
When device_add(&dev->dev) failed, calling put_device() to explicitly
release dev->dev. Otherwise, it could cause double free problem.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: 694a1116b405 ("virtio: Bind virtio device to device-tree node")
Signed-off-by: Ma Ke <make_ruc2021@163.com>
---
 drivers/virtio/virtio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index b9095751e43b..ac721b5597e8 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -503,6 +503,7 @@ int register_virtio_device(struct virtio_device *dev)
 
 out_of_node_put:
 	of_node_put(dev->dev.of_node);
+	put_device(&dev->dev);
 out_ida_remove:
 	ida_free(&virtio_index_ida, dev->index);
 out:
-- 
2.25.1
Re: [PATCH] virtio: fix reference leak in register_virtio_device()
Posted by Xuan Zhuo 1 year ago 
On Tue, 17 Dec 2024 11:54:32 +0800, Ma Ke <make_ruc2021@163.com> wrote:
> When device_add(&dev->dev) failed, calling put_device() to explicitly
> release dev->dev. Otherwise, it could cause double free problem.

Who frees it doublely?
If device_add() failed, the put_device is called inside device_add(),
why we need to call it again?

Maybe you need to say more?

Thanks.


>
> Found by code review.
>
> Cc: stable@vger.kernel.org
> Fixes: 694a1116b405 ("virtio: Bind virtio device to device-tree node")
> Signed-off-by: Ma Ke <make_ruc2021@163.com>
> ---
>  drivers/virtio/virtio.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> index b9095751e43b..ac721b5597e8 100644
> --- a/drivers/virtio/virtio.c
> +++ b/drivers/virtio/virtio.c
> @@ -503,6 +503,7 @@ int register_virtio_device(struct virtio_device *dev)
>
>  out_of_node_put:
>  	of_node_put(dev->dev.of_node);
> +	put_device(&dev->dev);
>  out_ida_remove:
>  	ida_free(&virtio_index_ida, dev->index);
>  out:
> --
> 2.25.1
>
Re: [PATCH] virtio: fix reference leak in register_virtio_device()
Posted by Viresh Kumar 1 year ago 
On 17-12-24, 11:54, Ma Ke wrote:
> When device_add(&dev->dev) failed, calling put_device() to explicitly
> release dev->dev. Otherwise, it could cause double free problem.
> 
> Found by code review.
> 
> Cc: stable@vger.kernel.org
> Fixes: 694a1116b405 ("virtio: Bind virtio device to device-tree node")

The fixes tag looks incorrect as the problem must be present before this commit
too.

> Signed-off-by: Ma Ke <make_ruc2021@163.com>
> ---
>  drivers/virtio/virtio.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> index b9095751e43b..ac721b5597e8 100644
> --- a/drivers/virtio/virtio.c
> +++ b/drivers/virtio/virtio.c
> @@ -503,6 +503,7 @@ int register_virtio_device(struct virtio_device *dev)
>  
>  out_of_node_put:
>  	of_node_put(dev->dev.of_node);
> +	put_device(&dev->dev);
>  out_ida_remove:
>  	ida_free(&virtio_index_ida, dev->index);
>  out:
> -- 
> 2.25.1

-- 
viresh

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.