On Sun, 14 Dec 2025 21:17:26 +0800 Ma Ke make24@iscas.ac.cn wrote:
nfc_genl_dump_targets() increments the device reference count via nfc_get_device() but fails to decrement it properly. nfc_get_device() calls class_find_device() which internally calls get_device() to increment the reference count. No corresponding put_device() is made to decrement the reference count.
Add proper reference count decrementing using nfc_put_device() when the dump operation completes or encounters an error, ensuring balanced reference counting.
Found by code review.
Is that some half-hearted AI code review?
Isn't the 'put' done by nfc_genl_dump_targets_done(), which it looks like the outer code calls sometime later on?
David
Cc: stable@vger.kernel.org
Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
Signed-off-by: Ma Ke make24@iscas.ac.cn
net/nfc/netlink.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index a18e2c503da6..9ae138ee91dd 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb, cb->args[0] = i;
- if (rc < 0 || i >= dev->n_targets) {
nfc_put_device(dev);cb->args[1] = 0;- }
- return skb->len;
}
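Review bot: the nfc_put_device(dev) added inside the `rc < 0 || i >= dev->n_targets` branch needs to be justified against the dump's done callback, which the commit message never mentions. The reply in this thread names nfc_genl_dump_targets_done() as the place where the reference is dropped; if that callback releases whatever cb->args[1] holds, the count is already balanced and this hunk only moves the put earlier. In that case the only thing preventing a second put on the same device is the `cb->args[1] = 0` that follows, and an extra put on a refcounted device is a use-after-free risk rather than a leak fix. Suggest the commit message name the exact path on which the reference is not released, and that `cb->args[1] = 0` carry a comment stating it hands ownership away from the done callback, so that a later edit cannot remove it and leave two puts.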