Hi,
On Sun, Jan 05, 2025 at 06:01:01PM +0800, Ma Ke wrote:
When cdev_device_add() failed, calling put_device() to explicitly release dev->lirc_dev. Otherwise, it could cause the fault of the reference count.
Found by code review.
Interesting find, thanks for finding and reporting.
So I think the idea is right, but there is a problem. lirc_release_device() will do a put_device() on the rcdev, but no corresponding get_device() is done in this code path.
Sean
Cc: stable@vger.kernel.org Fixes: a6ddd4fecbb0 ("media: lirc: remove last remnants of lirc kapi") Signed-off-by: Ma Ke make24@iscas.ac.cn
drivers/media/rc/lirc_dev.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index a2257dc2f25d..ed839e15fa16 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -765,6 +765,7 @@ int lirc_register(struct rc_dev *dev) return 0; out_ida:
- put_device(&dev->lirc_dev); ida_free(&lirc_ida, minor); return err;
}
2.25.1