The mei_ace driver contains a device reference count leak in mei_ace_setup_dev_link() where device_find_child_by_name() increases the reference count of the found device but this reference is not properly decreased in the success path. Add put_device() in mei_ace_setup_dev_link() and delete put_device() in mei_ace_remove(), which ensures that the reference count of the device is correctly managed regardless of whether the probe is successful or fails.
Found by code review.
Cc: stable@vger.kernel.org Fixes: 78876f71b3e9 ("media: pci: intel: ivsc: Add ACE submodule") Signed-off-by: Ma Ke make24@iscas.ac.cn --- Changes in v2: - modified the put_device() operations and the patch title as suggestions. --- drivers/media/pci/intel/ivsc/mei_ace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/intel/ivsc/mei_ace.c b/drivers/media/pci/intel/ivsc/mei_ace.c index 98310b8511b1..bb57656fc85a 100644 --- a/drivers/media/pci/intel/ivsc/mei_ace.c +++ b/drivers/media/pci/intel/ivsc/mei_ace.c @@ -420,6 +420,7 @@ static int mei_ace_setup_dev_link(struct mei_ace *ace) goto err_put; }
+ put_device(csi_dev); ace->csi_dev = csi_dev;
return 0; @@ -522,7 +523,6 @@ static void mei_ace_remove(struct mei_cl_device *cldev) cancel_work_sync(&ace->work);
device_link_del(ace->csi_link); - put_device(ace->csi_dev);
pm_runtime_disable(&cldev->dev); pm_runtime_set_suspended(&cldev->dev);
Hi Ma,
On Mon, Sep 22, 2025 at 05:43:35PM +0800, Ma Ke wrote:
The mei_ace driver contains a device reference count leak in mei_ace_setup_dev_link() where device_find_child_by_name() increases the reference count of the found device but this reference is not properly decreased in the success path. Add put_device() in mei_ace_setup_dev_link() and delete put_device() in mei_ace_remove(), which ensures that the reference count of the device is correctly managed regardless of whether the probe is successful or fails.
Found by code review.
Cc: stable@vger.kernel.org Fixes: 78876f71b3e9 ("media: pci: intel: ivsc: Add ACE submodule")
As this isn't a bug fix, I don't think we need these two tags. This should be taken into account in the subject and commit message as well.
Signed-off-by: Ma Ke make24@iscas.ac.cn
Changes in v2:
- modified the put_device() operations and the patch title as suggestions.
drivers/media/pci/intel/ivsc/mei_ace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/intel/ivsc/mei_ace.c b/drivers/media/pci/intel/ivsc/mei_ace.c index 98310b8511b1..bb57656fc85a 100644 --- a/drivers/media/pci/intel/ivsc/mei_ace.c +++ b/drivers/media/pci/intel/ivsc/mei_ace.c @@ -420,6 +420,7 @@ static int mei_ace_setup_dev_link(struct mei_ace *ace) goto err_put; }
- put_device(csi_dev);
You can do this right after calling device_link_add().
ace->csi_dev = csi_dev; return 0; @@ -522,7 +523,6 @@ static void mei_ace_remove(struct mei_cl_device *cldev) cancel_work_sync(&ace->work); device_link_del(ace->csi_link);
- put_device(ace->csi_dev);
pm_runtime_disable(&cldev->dev); pm_runtime_set_suspended(&cldev->dev);
linux-stable-mirror@lists.linaro.org
-
Ma Ke -
Sakari Ailus