drivers/media/v4l2-core/v4l2-dev.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
Once device_register() failed, we should call put_device() to
decrement reference count for cleanup. Or it could cause memory leak.
And move callback function before put_device().
As comment of device_register() says, 'NOTE: _Never_ directly free
@dev after calling this function, even if it returned an error! Always
use put_device() to give up the reference initialized in this function
instead.'
Found by code review.
Cc: stable@vger.kernel.org
Fixes: baa057e29b58 ("media: v4l2-dev: use pr_foo() for printing messages")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Changes in v2:
- modified the patch as no callback function before put_device().
---
drivers/media/v4l2-core/v4l2-dev.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c
index 5bcaeeba4d09..4a8fdf8115c0 100644
--- a/drivers/media/v4l2-core/v4l2-dev.c
+++ b/drivers/media/v4l2-core/v4l2-dev.c
@@ -1054,17 +1054,16 @@ int __video_register_device(struct video_device *vdev,
vdev->dev.class = &video_class;
vdev->dev.devt = MKDEV(VIDEO_MAJOR, vdev->minor);
vdev->dev.parent = vdev->dev_parent;
+ vdev->dev.release = v4l2_device_release;
dev_set_name(&vdev->dev, "%s%d", name_base, vdev->num);
mutex_lock(&videodev_lock);
ret = device_register(&vdev->dev);
if (ret < 0) {
mutex_unlock(&videodev_lock);
pr_err("%s: device_register failed\n", __func__);
- goto cleanup;
+ put_device(&vdev->dev);
+ return ret;
}
- /* Register the release callback that will be called when the last
- reference to the device goes away. */
- vdev->dev.release = v4l2_device_release;
if (nr != -1 && nr != vdev->num && warn_if_nr_in_use)
pr_warn("%s: requested %s%d, got %s\n", __func__,
--
2.25.1On Tue, Mar 18, 2025 at 05:09:45PM +0800, Ma Ke wrote:
> Once device_register() failed, we should call put_device() to
> decrement reference count for cleanup. Or it could cause memory leak.
> And move callback function before put_device().
>
> As comment of device_register() says, 'NOTE: _Never_ directly free
> @dev after calling this function, even if it returned an error! Always
> use put_device() to give up the reference initialized in this function
> instead.'
>
> Found by code review.
>
> Cc: stable@vger.kernel.org
> Fixes: baa057e29b58 ("media: v4l2-dev: use pr_foo() for printing messages")
This tag does not seems to be right, the commit just change printk calls.
Regards
Stanislaw
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Changes in v2:
> - modified the patch as no callback function before put_device().
> ---
> drivers/media/v4l2-core/v4l2-dev.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c
> index 5bcaeeba4d09..4a8fdf8115c0 100644
> --- a/drivers/media/v4l2-core/v4l2-dev.c
> +++ b/drivers/media/v4l2-core/v4l2-dev.c
> @@ -1054,17 +1054,16 @@ int __video_register_device(struct video_device *vdev,
> vdev->dev.class = &video_class;
> vdev->dev.devt = MKDEV(VIDEO_MAJOR, vdev->minor);
> vdev->dev.parent = vdev->dev_parent;
> + vdev->dev.release = v4l2_device_release;
> dev_set_name(&vdev->dev, "%s%d", name_base, vdev->num);
> mutex_lock(&videodev_lock);
> ret = device_register(&vdev->dev);
> if (ret < 0) {
> mutex_unlock(&videodev_lock);
> pr_err("%s: device_register failed\n", __func__);
> - goto cleanup;
> + put_device(&vdev->dev);
> + return ret;
> }
> - /* Register the release callback that will be called when the last
> - reference to the device goes away. */
> - vdev->dev.release = v4l2_device_release;
>
> if (nr != -1 && nr != vdev->num && warn_if_nr_in_use)
> pr_warn("%s: requested %s%d, got %s\n", __func__,
> --
> 2.25.1
>
>
Hi Ma,
Thanks for the update.
On Tue, Mar 18, 2025 at 05:09:45PM +0800, Ma Ke wrote:
> Once device_register() failed, we should call put_device() to
> decrement reference count for cleanup. Or it could cause memory leak.
> And move callback function before put_device().
>
> As comment of device_register() says, 'NOTE: _Never_ directly free
> @dev after calling this function, even if it returned an error! Always
> use put_device() to give up the reference initialized in this function
> instead.'
>
> Found by code review.
>
> Cc: stable@vger.kernel.org
> Fixes: baa057e29b58 ("media: v4l2-dev: use pr_foo() for printing messages")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Changes in v2:
> - modified the patch as no callback function before put_device().
> ---
> drivers/media/v4l2-core/v4l2-dev.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c
> index 5bcaeeba4d09..4a8fdf8115c0 100644
> --- a/drivers/media/v4l2-core/v4l2-dev.c
> +++ b/drivers/media/v4l2-core/v4l2-dev.c
> @@ -1054,17 +1054,16 @@ int __video_register_device(struct video_device *vdev,
> vdev->dev.class = &video_class;
> vdev->dev.devt = MKDEV(VIDEO_MAJOR, vdev->minor);
> vdev->dev.parent = vdev->dev_parent;
> + vdev->dev.release = v4l2_device_release;
> dev_set_name(&vdev->dev, "%s%d", name_base, vdev->num);
> mutex_lock(&videodev_lock);
> ret = device_register(&vdev->dev);
> if (ret < 0) {
> mutex_unlock(&videodev_lock);
> pr_err("%s: device_register failed\n", __func__);
> - goto cleanup;
> + put_device(&vdev->dev);
> + return ret;
> }
> - /* Register the release callback that will be called when the last
> - reference to the device goes away. */
> - vdev->dev.release = v4l2_device_release;
>
> if (nr != -1 && nr != vdev->num && warn_if_nr_in_use)
> pr_warn("%s: requested %s%d, got %s\n", __func__,
I think this still needs some work. E.g. v4l2_device_get() hasn't been
called yet here, but still v4l2_device_release() will call
v4l2_device_put().
--
Regards,
Sakari Ailus
© 2016 - 2025 Red Hat, Inc.