1. Patchew
  2. linux
  3. View series

[PATCH] mux: core: fix reference count leak in mux_chip_register()

Salah Triki posted 1 patch 1 week ago 
drivers/mux/core.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
[PATCH] mux: core: fix reference count leak in mux_chip_register()
Posted by Salah Triki 1 week ago 
Once `mux_chip_alloc()` is called, the underlying `struct device` is
initialized via `device_initialize()`, and its reference count is set
to 1. Any error path occurring after this point must call `put_device()`
to ensure proper cleanup of the device and its associated resources.

Currently, if `mux_control_set()` fails or if `device_add()` fails, the
function returns an error code directly. This leaves the `mux_chip`
structure and its internal device's memory leaking, as the release
callback is never triggered.

Fix this by ensuring that `put_device()` is called on all error paths
within `mux_chip_register()`.

Fixes: a3b02a9c6591c ("mux: minimal mux subsystem")

Signed-off-by: Salah Triki <salah.triki@gmail.com>
---
 drivers/mux/core.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/mux/core.c b/drivers/mux/core.c
index a3840fe0995f..2ffb175bbbf6 100644
--- a/drivers/mux/core.c
+++ b/drivers/mux/core.c
@@ -173,14 +173,19 @@ int mux_chip_register(struct mux_chip *mux_chip)
 		ret = mux_control_set(mux, mux->idle_state);
 		if (ret < 0) {
 			dev_err(&mux_chip->dev, "unable to set idle state\n");
-			return ret;
+			goto err_put_device;
 		}
 	}
 
 	ret = device_add(&mux_chip->dev);
-	if (ret < 0)
+	if (ret < 0) {
 		dev_err(&mux_chip->dev,
 			"device_add failed in %s: %d\n", __func__, ret);
+		goto err_put_device;
+	}
+
+err_put_device:
+	put_device(&mux_chip->dev);
 	return ret;
 }
 EXPORT_SYMBOL_GPL(mux_chip_register);
-- 
2.43.0
Re: [PATCH] mux: core: fix reference count leak in mux_chip_register()
Posted by Peter Rosin 6 days, 16 hours ago 
Hi!

2026-01-31 at 13:09, Salah Triki wrote:
> Once `mux_chip_alloc()` is called, the underlying `struct device` is
> initialized via `device_initialize()`, and its reference count is set
> to 1. Any error path occurring after this point must call `put_device()`
> to ensure proper cleanup of the device and its associated resources.

This patch is broken. NACK.

The put_device() call that you seem to think is missing is found in the
mux_chip_free() function, which is what should be called to clean up
after (a successful) mux_chip_alloc().

If there really is a leak somewhere, the real problem is a missing call
to mux_chip_free(), not a missing put_device() in mux_chip_register().
Adding a put_device() in mux_chip_register() leads to too many calls to
put_device().

Cheers,
Peter
Re: [PATCH] mux: core: fix reference count leak in mux_chip_register()
Posted by Salah Triki 2 days, 17 hours ago 
On Sat, Jan 31, 2026 at 11:03:55PM +0100, Peter Rosin wrote:
> Hi!
> 
> 
> This patch is broken. NACK.
> 
> The put_device() call that you seem to think is missing is found in the
> mux_chip_free() function, which is what should be called to clean up
> after (a successful) mux_chip_alloc().
> 
> If there really is a leak somewhere, the real problem is a missing call
> to mux_chip_free(), not a missing put_device() in mux_chip_register().
> Adding a put_device() in mux_chip_register() leads to too many calls to
> put_device().
> 
> Cheers,
> Peter

Thanks for the clarification, that makes sense. I'll drop this patch.

Best regards,
Salah

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.