| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <83B958C5-1C7B-43C4-9EA2-93F8705B31A8@linux.dev> Date: Wed, 9 Apr 2025 16:16:59 +0200 From: Thorsten Blum <thorsten.blum@...ux.dev> To: Jonas Gorski <jonas.gorski@...il.com> Cc: John Crispin <john@...ozen.org>, Sergio Paracuellos <sergio.paracuellos@...il.com>, Thomas Bogendoerfer <tsbogend@...ha.franken.de>, stable@...r.kernel.org, linux-mips@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] MIPS: ralink: Fix refcount leak in ill_acc_of_setup() On 9. Apr 2025, at 14:57, Jonas Gorski wrote: > On Mon, Apr 7, 2025 at 10:32 AM Thorsten Blum wrote: >> >> The of_find_device_by_node() function increments the reference count of >> the embedded device, which should be released with put_device() when it >> is no longer needed. >> >> In ill_acc_of_setup(), put_device() is only called on error paths, but >> not on the success path. Fix this by calling put_device() before >> returning successfully. > > I would think this is very much deliberate as the device is used as > the priv argument of the registered IRQ handler. AFAIU as long as that > one is live the reference of the device needs to be kept. > > Dropping the reference of the device should only be done after > freeing/unregistering the IRQ again, which currently never happens. Thanks for the explanation. I assumed request_irq() would increment the refcount, but that's apparently not the case because it's just a cookie. Thanks, Thorsten
Powered by blists - more mailing lists