misc: fastrpc: fix channel ctx ref leak when session alloc fails

[PATCH v1] misc: fastrpc: fix channel ctx ref leak when session alloc fails

Posted by Anandu Krishnan E 2 weeks ago

fastrpc_channel_ctx_get() is called in fastrpc_device_open() before
fastrpc_session_alloc(). If session alloc fails, the error path
returns -EBUSY without calling fastrpc_channel_ctx_put(), leaking
the reference. Fix by adding the missing put.

Fixes: 278d56f970ae ("misc: fastrpc: Reference count channel context")
Cc: stable@kernel.org
Signed-off-by: Anandu Krishnan E <anandu.e@oss.qualcomm.com>
---
 drivers/misc/fastrpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index 1080f9acf70a..9442db2c7aec 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -1648,7 +1648,7 @@ static int fastrpc_device_open(struct inode *inode, struct file *filp)
 		dev_err(&cctx->rpdev->dev, "No session available\n");
 		mutex_destroy(&fl->mutex);
 		kfree(fl);
-
+		fastrpc_channel_ctx_put(cctx);
 		return -EBUSY;
 	}
 
-- 
2.34.1

Re: [PATCH v1] misc: fastrpc: fix channel ctx ref leak when session alloc fails

Posted by Dmitry Baryshkov 2 weeks ago

On Mon, May 25, 2026 at 02:23:40PM +0530, Anandu Krishnan E wrote:
> fastrpc_channel_ctx_get() is called in fastrpc_device_open() before
> fastrpc_session_alloc(). If session alloc fails, the error path
> returns -EBUSY without calling fastrpc_channel_ctx_put(), leaking
> the reference. Fix by adding the missing put.
> 
> Fixes: 278d56f970ae ("misc: fastrpc: Reference count channel context")
> Cc: stable@kernel.org
> Signed-off-by: Anandu Krishnan E <anandu.e@oss.qualcomm.com>
> ---
>  drivers/misc/fastrpc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>


-- 
With best wishes
Dmitry