Re: [PATCH] media: lirc: Fix error handling in lirc_register()
From: Sean Young
Date: Mon Jan 06 2025 - 06:05:03 EST
Hi,
On Sun, Jan 05, 2025 at 06:01:01PM +0800, Ma Ke wrote:
> When cdev_device_add() failed, calling put_device() to explicitly
> release dev->lirc_dev. Otherwise, it could cause the fault of the
> reference count.
>
> Found by code review.
Interesting find, thanks for finding and reporting.
So I think the idea is right, but there is a problem. lirc_release_device()
will do a put_device() on the rcdev, but no corresponding get_device() is
done in this code path.
Sean
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: a6ddd4fecbb0 ("media: lirc: remove last remnants of lirc kapi")
> Signed-off-by: Ma Ke <make24@xxxxxxxxxxx>
> ---
> drivers/media/rc/lirc_dev.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c
> index a2257dc2f25d..ed839e15fa16 100644
> --- a/drivers/media/rc/lirc_dev.c
> +++ b/drivers/media/rc/lirc_dev.c
> @@ -765,6 +765,7 @@ int lirc_register(struct rc_dev *dev)
> return 0;
>
> out_ida:
> + put_device(&dev->lirc_dev);
> ida_free(&lirc_ida, minor);
> return err;
> }
> --
> 2.25.1