1. Patchew
  2. linux
  3. View series

[PATCH] serial: 8250_accent: fix reference leak on failed device registration

Guangshuo Li posted 1 patch 2 months ago 
drivers/tty/serial/8250/8250_accent.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
[PATCH] serial: 8250_accent: fix reference leak on failed device registration
Posted by Guangshuo Li 2 months ago 
When platform_device_register() fails in accent_init(), the embedded
struct device in accent_device has already been initialized by
device_initialize(), but the failure path returns the error without
dropping the device reference for the current platform device:

  accent_init()
    -> platform_device_register(&accent_device)
       -> device_initialize(&accent_device.dev)
       -> setup_pdev_dma_masks(&accent_device)
       -> platform_device_add(&accent_device)

This leads to a reference leak when platform_device_register() fails.
Fix this by calling platform_device_put() before returning the error.

The issue was identified by a static analysis tool I developed and
confirmed by manual review.

Fixes: ec9f47cd6a14c ("[PATCH] Serial: Split 8250 port table")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/tty/serial/8250/8250_accent.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/8250/8250_accent.c b/drivers/tty/serial/8250/8250_accent.c
index 1691f1a57f89..e9cf40268c0e 100644
--- a/drivers/tty/serial/8250/8250_accent.c
+++ b/drivers/tty/serial/8250/8250_accent.c
@@ -25,7 +25,13 @@ static struct platform_device accent_device = {
 
 static int __init accent_init(void)
 {
-	return platform_device_register(&accent_device);
+	int ret;
+
+	ret = platform_device_register(&accent_device);
+	if (ret)
+		platform_device_put(&accent_device);
+
+	return ret;
 }
 
 module_init(accent_init);
-- 
2.43.0
Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
Posted by Jiri Slaby 2 months ago 
Hi,

On 15. 04. 26, 20:34, Guangshuo Li wrote:
> When platform_device_register() fails in accent_init(), the embedded
> struct device in accent_device has already been initialized by
> device_initialize(), but the failure path returns the error without
> dropping the device reference for the current platform device:
> 
>    accent_init()
>      -> platform_device_register(&accent_device)
>         -> device_initialize(&accent_device.dev)
>         -> setup_pdev_dma_masks(&accent_device)
>         -> platform_device_add(&accent_device)
> 
> This leads to a reference leak when platform_device_register() fails.

What reference exactly?

> Fix this by calling platform_device_put() before returning the error.
> 
> The issue was identified by a static analysis tool I developed and
> confirmed by manual review.

How did you verify you did the right change?

> Fixes: ec9f47cd6a14c ("[PATCH] Serial: Split 8250 port table")
> Cc: stable@vger.kernel.org
> Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
> ---
>   drivers/tty/serial/8250/8250_accent.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/tty/serial/8250/8250_accent.c b/drivers/tty/serial/8250/8250_accent.c
> index 1691f1a57f89..e9cf40268c0e 100644
> --- a/drivers/tty/serial/8250/8250_accent.c
> +++ b/drivers/tty/serial/8250/8250_accent.c
> @@ -25,7 +25,13 @@ static struct platform_device accent_device = {
>   
>   static int __init accent_init(void)
>   {
> -	return platform_device_register(&accent_device);
> +	int ret;
> +
> +	ret = platform_device_register(&accent_device);
> +	if (ret)
> +		platform_device_put(&accent_device);

In particular, what does put_device() do on a static device, even 
initialized, ie. with no device::release? Try it...

IMO, all the patches are bogus.

thanks,
-- 
js
suse labs
Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
Posted by Guangshuo Li 1 month, 3 weeks ago 
Hi Jiri,

Please disregard this patch.

On Thu, 16 Apr 2026 at 14:14, Jiri Slaby <jirislaby@kernel.org> wrote:
>
> Hi,
>
> On 15. 04. 26, 20:34, Guangshuo Li wrote:
> > When platform_device_register() fails in accent_init(), the embedded
> > struct device in accent_device has already been initialized by
> > device_initialize(), but the failure path returns the error without
> > dropping the device reference for the current platform device:
> >
> >    accent_init()
> >      -> platform_device_register(&accent_device)
> >         -> device_initialize(&accent_device.dev)
> >         -> setup_pdev_dma_masks(&accent_device)
> >         -> platform_device_add(&accent_device)
> >
> > This leads to a reference leak when platform_device_register() fails.
>
> What reference exactly?
>
> > Fix this by calling platform_device_put() before returning the error.
> >
> > The issue was identified by a static analysis tool I developed and
> > confirmed by manual review.
>
> How did you verify you did the right change?
>
> > Fixes: ec9f47cd6a14c ("[PATCH] Serial: Split 8250 port table")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
> > ---
> >   drivers/tty/serial/8250/8250_accent.c | 8 +++++++-
> >   1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/tty/serial/8250/8250_accent.c b/drivers/tty/serial/8250/8250_accent.c
> > index 1691f1a57f89..e9cf40268c0e 100644
> > --- a/drivers/tty/serial/8250/8250_accent.c
> > +++ b/drivers/tty/serial/8250/8250_accent.c
> > @@ -25,7 +25,13 @@ static struct platform_device accent_device = {
> >
> >   static int __init accent_init(void)
> >   {
> > -     return platform_device_register(&accent_device);
> > +     int ret;
> > +
> > +     ret = platform_device_register(&accent_device);
> > +     if (ret)
> > +             platform_device_put(&accent_device);
>
> In particular, what does put_device() do on a static device, even
> initialized, ie. with no device::release? Try it...
>
> IMO, all the patches are bogus.
>
> thanks,
> --
> js
> suse labs

After re-checking it, accent_device is a static platform_device and it
does not provide a dev.release callback, so calling platform_device_put()
on the platform_device_register() failure path is not appropriate and can
trigger the missing release callback warning.

This falls into the same static platform_device pattern as the other
patches, so I will drop it.

Sorry for the noise.

Best regards,
Guangshuo Li
Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
Posted by Guangshuo Li 2 months ago 
Hi Jiri,

Thanks for the review.

On Thu, 16 Apr 2026 at 14:14, Jiri Slaby <jirislaby@kernel.org> wrote:
>
> Hi,
>
>
> What reference exactly?
I was referring to the device reference initialized by
device_initialize() inside
platform_device_register(). My reasoning was that when
platform_device_add() fails, platform_device_register() returns the
error directly and does not drop that reference on the failure path.

>
> How did you verify you did the right change?

After my tool reported this case, I manually audited the relevant
source code and
checked the related core API definitions. However, I did miss the
special handling needed for a static device in this case.

> In particular, what does put_device() do on a static device, even
> initialized, ie. with no device::release? Try it...

Sorry, I should have considered and verified that
more carefully before sending the patch.

Thanks,
Guangshuo
Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
Posted by Guangshuo Li 2 months ago 
Hi Jiri,

Thanks.

On Thu, 16 Apr 2026 at 17:37, Guangshuo Li <lgs201920130244@gmail.com> wrote:
>
> Hi Jiri,
>
> Thanks for the review.
>
> On Thu, 16 Apr 2026 at 14:14, Jiri Slaby <jirislaby@kernel.org> wrote:
> >
> > Hi,
> >
> >
> > What reference exactly?
> I was referring to the device reference initialized by
> device_initialize() inside
> platform_device_register(). My reasoning was that when
> platform_device_add() fails, platform_device_register() returns the
> error directly and does not drop that reference on the failure path.
>
> >
> > How did you verify you did the right change?
>
> After my tool reported this case, I manually audited the relevant
> source code and
> checked the related core API definitions. However, I did miss the
> special handling needed for a static device in this case.
>
> > In particular, what does put_device() do on a static device, even
> > initialized, ie. with no device::release? Try it...
>
> Sorry, I should have considered and verified that
> more carefully before sending the patch.
>
> Thanks,
> Guangshuo

We are also discussing in another similar patch whether the
better fix, if any, should be in the API/core code rather than in
individual callers:

https://patchew.org/linux/20260415174159.3625777-1-lgs201920130244@gmail.com/

Thanks,
Guangshuo
Re: [PATCH] serial: 8250_accent: fix reference leak on failed device registration
Posted by Jiri Slaby 2 months ago 
On 16. 04. 26, 12:23, Guangshuo Li wrote:
> We are also discussing in another similar patch whether the
> better fix, if any, should be in the API/core code rather than in
> individual callers:
> 
> https://patchew.org/linux/20260415174159.3625777-1-lgs201920130244@gmail.com/

Agreed, if anything needs a fix, it's platform_device_register() or the 
functions underneath...

thanks,
-- 
js
suse labs

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.