1. Patchew
  2. linux
  3. View series

[PATCH] crypto: tegra: fix refcount leak in tegra_se_host1x_submit()

Wentao Liang posted 1 patch 3 days, 22 hours ago 
drivers/crypto/tegra/tegra-se-main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] crypto: tegra: fix refcount leak in tegra_se_host1x_submit()
Posted by Wentao Liang 3 days, 22 hours ago 
The timeout error path in tegra_se_host1x_submit() returns without
calling host1x_job_put(), while all other paths (success, submit
error, pin error) properly release the job reference through the
job_put label.  Since host1x_job_alloc() initializes the reference
count and host1x_job_put() is required to drop it, omitting it on
timeout causes a permanent refcount leak.

Fix this by redirecting the timeout return to the existing job_put
label, ensuring the job reference and any associated syncpt
references are consistently released.

Cc: stable@vger.kernel.org
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
 drivers/crypto/tegra/tegra-se-main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/tegra/tegra-se-main.c b/drivers/crypto/tegra/tegra-se-main.c
index eb71113ed146..e8d8c3a23d7a 100644
--- a/drivers/crypto/tegra/tegra-se-main.c
+++ b/drivers/crypto/tegra/tegra-se-main.c
@@ -180,7 +180,7 @@ int tegra_se_host1x_submit(struct tegra_se *se, struct tegra_se_cmdbuf *cmdbuf,
 				 MAX_SCHEDULE_TIMEOUT, NULL);
 	if (ret) {
 		dev_err(se->dev, "host1x job timed out\n");
-		return ret;
+		goto job_put;
 	}
 
 	host1x_job_put(job);
-- 
2.34.1
Re: [PATCH] crypto: tegra: fix refcount leak in tegra_se_host1x_submit()
Posted by Akhil R 3 days, 3 hours ago 
On Thu, 4 Jun 2026 10:27:06 +0000, Wentao Liang wrote:
> The timeout error path in tegra_se_host1x_submit() returns without
> calling host1x_job_put(), while all other paths (success, submit
> error, pin error) properly release the job reference through the
> job_put label.  Since host1x_job_alloc() initializes the reference
> count and host1x_job_put() is required to drop it, omitting it on
> timeout causes a permanent refcount leak.
> 
> Fix this by redirecting the timeout return to the existing job_put
> label, ensuring the job reference and any associated syncpt
> references are consistently released.
> 
> Cc: stable@vger.kernel.org
> Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>

Thanks for the patch.

Reviewed-by: Akhil R <akhilrajeev@nvidia.com>

Best Regards,
Akhil

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.