1. Patchew
  2. linux
  3. View series

[PATCH RESEND] of: unittest: Fix device reference count leak in of_unittest_pci_node_verify

Ma Ke posted 1 patch 2 days, 18 hours ago
There is a newer version of this series
drivers/of/unittest.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[PATCH RESEND] of: unittest: Fix device reference count leak in of_unittest_pci_node_verify
Posted by Ma Ke 2 days, 18 hours ago 
In of_unittest_pci_node_verify(), when the add parameter is false,
device_find_any_child() obtains a reference to a child device. This
function implicitly calls get_device() to increment the device's
reference count before returning the pointer. However, the caller
fails to properly release this reference by calling put_device(),
leading to a device reference count leak.

As the comment of device_find_any_child states: "NOTE: you will need
to drop the reference with put_device() after use".

Cc: stable@vger.kernel.org
Fixes: 26409dd04589 ("of: unittest: Add pci_dt_testdrv pci driver")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 drivers/of/unittest.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
index e3503ec20f6c..d225e73781fe 100644
--- a/drivers/of/unittest.c
+++ b/drivers/of/unittest.c
@@ -4271,7 +4271,7 @@ static struct platform_driver unittest_pci_driver = {
 static int of_unittest_pci_node_verify(struct pci_dev *pdev, bool add)
 {
 	struct device_node *pnp, *np = NULL;
-	struct device *child_dev;
+	struct device *child_dev = NULL;
 	char *path = NULL;
 	const __be32 *reg;
 	int rc = 0;
@@ -4306,6 +4306,8 @@ static int of_unittest_pci_node_verify(struct pci_dev *pdev, bool add)
 	kfree(path);
 	if (np)
 		of_node_put(np);
+	if (child_dev)
+		put_device(child_dev);
 
 	return rc;
 }
-- 
2.17.1
Re: [PATCH RESEND] of: unittest: Fix device reference count leak in of_unittest_pci_node_verify
Posted by Rob Herring 2 days, 7 hours ago 
On Sun, Sep 28, 2025 at 10:47 PM Ma Ke <make24@iscas.ac.cn> wrote:
>
> In of_unittest_pci_node_verify(), when the add parameter is false,
> device_find_any_child() obtains a reference to a child device. This
> function implicitly calls get_device() to increment the device's
> reference count before returning the pointer. However, the caller
> fails to properly release this reference by calling put_device(),
> leading to a device reference count leak.
>
> As the comment of device_find_any_child states: "NOTE: you will need
> to drop the reference with put_device() after use".

Please implement my review comments on the last version you sent.

>
> Cc: stable@vger.kernel.org
> Fixes: 26409dd04589 ("of: unittest: Add pci_dt_testdrv pci driver")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  drivers/of/unittest.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
> index e3503ec20f6c..d225e73781fe 100644
> --- a/drivers/of/unittest.c
> +++ b/drivers/of/unittest.c
> @@ -4271,7 +4271,7 @@ static struct platform_driver unittest_pci_driver = {
>  static int of_unittest_pci_node_verify(struct pci_dev *pdev, bool add)
>  {
>         struct device_node *pnp, *np = NULL;
> -       struct device *child_dev;
> +       struct device *child_dev = NULL;
>         char *path = NULL;
>         const __be32 *reg;
>         int rc = 0;
> @@ -4306,6 +4306,8 @@ static int of_unittest_pci_node_verify(struct pci_dev *pdev, bool add)
>         kfree(path);
>         if (np)
>                 of_node_put(np);
> +       if (child_dev)
> +               put_device(child_dev);
>
>         return rc;
>  }
> --
> 2.17.1
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.