[PATCH] dax: Fix dax_region refcnt leak when creating dev_dax

From: Xiyu Yang
Date: Mon May 25 2020 - 10:14:58 EST

Next message: Xiyu Yang: "[PATCH] nfsd: Fix svc_xprt refcnt leak when setup callback client failed"
Previous message: Xiyu Yang: "[PATCH] ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

__devm_create_dev_dax() invokes kref_get(), which increases the refcount
of the "dax_region".

The reference counting issue happens in several exception handling paths
of __devm_create_dev_dax(). When those error scenarios occur such as add
device failed, the function forgets to decrease the refcnt increased by
kref_get(), causing a refcnt leak.

Fix this issue by calling kref_put() when those error scenarios occur.

Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>
---
drivers/dax/bus.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/dax/bus.c b/drivers/dax/bus.c
index df238c8b6ef2..1a861d90321f 100644
--- a/drivers/dax/bus.c
+++ b/drivers/dax/bus.c
@@ -452,12 +452,15 @@ struct dev_dax *__devm_create_dev_dax(struct dax_region *dax_region, int id,
if (rc) {
kill_dev_dax(dev_dax);
put_device(dev);
+ kref_put(&dax_region->kref, dax_region_free);
return ERR_PTR(rc);
}

rc = devm_add_action_or_reset(dax_region->dev, unregister_dev_dax, dev);
- if (rc)
+ if (rc) {
+ kref_put(&dax_region->kref, dax_region_free);
return ERR_PTR(rc);
+ }

return dev_dax;

--
2.7.4

Next message: Xiyu Yang: "[PATCH] nfsd: Fix svc_xprt refcnt leak when setup callback client failed"
Previous message: Xiyu Yang: "[PATCH] ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]