[PATCH] NFC: Fix error handling in nfc_genl_dump_targets

Ma Ke posted 1 patch 1 day, 9 hours ago
net/nfc/netlink.c | 5 +++++
1 file changed, 5 insertions(+)
[PATCH] NFC: Fix error handling in nfc_genl_dump_targets
Posted by Ma Ke 1 day, 9 hours ago
nfc_genl_dump_targets() increments the device reference count via
nfc_get_device() but fails to decrement it properly. nfc_get_device()
calls class_find_device() which internally calls get_device() to
increment the reference count. No corresponding put_device() is made
to decrement the reference count.

Add proper reference count decrementing using nfc_put_device() when
the dump operation completes or encounters an error, ensuring balanced
reference counting.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 net/nfc/netlink.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index a18e2c503da6..9ae138ee91dd 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
 
 	cb->args[0] = i;
 
+	if (rc < 0 || i >= dev->n_targets) {
+		nfc_put_device(dev);
+		cb->args[1] = 0;
+	}
+
 	return skb->len;
 }
 
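Review bot: the nfc_put_device(dev) added ahead of return skb->len releases the reference from inside the dump callback, and neither the hunk nor the commit message shows that no other path already releases it. A reply in this thread names nfc_genl_dump_targets_done() as the place where the put is done; if that is so, this branch drops the same reference a second time whenever rc < 0 or i >= dev->n_targets. Either show in the commit message the path on which the reference is never dropped, or drop the hunk.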
-- 
2.17.1
Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
Posted by Krzysztof Kozlowski 10 hours ago
On 14/12/2025 14:17, Ma Ke wrote:
> nfc_genl_dump_targets() increments the device reference count via
> nfc_get_device() but fails to decrement it properly. nfc_get_device()
> calls class_find_device() which internally calls get_device() to
> increment the reference count. No corresponding put_device() is made
> to decrement the reference count.
> 
> Add proper reference count decrementing using nfc_put_device() when
> the dump operation completes or encounters an error, ensuring balanced
> reference counting.
> 
> Found by code review.


NAK, you completely ignore reviewers and send the same. That's not
acceptable.

Best regards,
Krzysztof
Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
Posted by David Laight 1 day, 8 hours ago
On Sun, 14 Dec 2025 21:17:26 +0800
Ma Ke <make24@iscas.ac.cn> wrote:

> nfc_genl_dump_targets() increments the device reference count via
> nfc_get_device() but fails to decrement it properly. nfc_get_device()
> calls class_find_device() which internally calls get_device() to
> increment the reference count. No corresponding put_device() is made
> to decrement the reference count.
> 
> Add proper reference count decrementing using nfc_put_device() when
> the dump operation completes or encounters an error, ensuring balanced
> reference counting.
> 
> Found by code review.

Is that some half-hearted AI code review?

Isn't the 'put' done by nfc_genl_dump_targets_done() which it looks
like the outer code calls sometime later on.

	David

> 
> Cc: stable@vger.kernel.org
> Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  net/nfc/netlink.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
> index a18e2c503da6..9ae138ee91dd 100644
> --- a/net/nfc/netlink.c
> +++ b/net/nfc/netlink.c
> @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
>  
>  	cb->args[0] = i;
>  
> +	if (rc < 0 || i >= dev->n_targets) {
> +		nfc_put_device(dev);
> +		cb->args[1] = 0;
> +	}
> +
>  	return skb->len;
>  }
>
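Review bot: cb->args[1] = 0 in the added block has no comment saying what slot 1 holds or which later reader relies on it being cleared. If the intent is to keep a later callback from touching dev after nfc_put_device(dev), the patch should include that reader's check, since as posted only the writer side is visible. The new condition also reads dev->n_targets, so any rework has to keep that read ahead of the put.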
Re: [PATCH] NFC: Fix error handling in nfc_genl_dump_targets
Posted by Johannes Berg 13 hours ago
On Sun, 2025-12-14 at 13:54 +0000, David Laight wrote:
> On Sun, 14 Dec 2025 21:17:26 +0800
> Ma Ke <make24@iscas.ac.cn> wrote:
> 
> > nfc_genl_dump_targets() increments the device reference count via
> > nfc_get_device() but fails to decrement it properly. nfc_get_device()
> > calls class_find_device() which internally calls get_device() to
> > increment the reference count. No corresponding put_device() is made
> > to decrement the reference count.
> > 
> > Add proper reference count decrementing using nfc_put_device() when
> > the dump operation completes or encounters an error, ensuring balanced
> > reference counting.
> > 
> > Found by code review.
> 
> Is that some half-hearted AI code review?

Probably. They also resubmitted the same patch after being told 3 weeks
ago to go away.

johannes