January 2025 - Linux-stable-mirror

[PATCH] ibmvnic: Add tx check to prevent skb leak

by Denis Arefev

From: Nick Child <nnac123(a)linux.ibm.com> From: Nick Child <nnac123(a)linux.ibm.com> commit 0983d288caf984de0202c66641577b739caad561 upstream. Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null] The driver has checks to ensure that free_map[consumer_index] pointed to a valid index but there was no check to ensure that this index pointed to an unused/null skb address. So, if, by some chance, our free_map and tx_buff lists become out of sync then we were previously risking an skb memory leak. This could then cause tcp congestion control to stop sending packets, eventually leading to ETIMEDOUT. Therefore, add a conditional to ensure that the skb address is null. If not then warn the user (because this is still a bug that should be patched) and free the old pointer to prevent memleak/tcp problems. Signed-off-by: Nick Child <nnac123(a)linux.ibm.com> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- Backport fix for CVE-2024-41066 Link: https://nvd.nist.gov/vuln/detail/CVE-2024-41066 --- drivers/net/ethernet/ibm/ibmvnic.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c index 84da6ccaf339..439796975cbf 100644 --- a/drivers/net/ethernet/ibm/ibmvnic.c +++ b/drivers/net/ethernet/ibm/ibmvnic.c @@ -1625,6 +1625,18 @@ static netdev_tx_t ibmvnic_xmit(struct sk_buff *skb, struct net_device *netdev) (tx_pool->consumer_index + 1) % tx_pool->num_buffers; tx_buff = &tx_pool->tx_buff[index]; + + /* Sanity checks on our free map to make sure it points to an index + * that is not being occupied by another skb. If skb memory is + * not freed then we see congestion control kick in and halt tx. + */ + if (unlikely(tx_buff->skb)) { + dev_warn_ratelimited(dev, "TX free map points to untracked skb (%s %d idx=%d)\n", + skb_is_gso(skb) ? "tso_pool" : "tx_pool", + queue_num, bufidx); + dev_kfree_skb_any(tx_buff->skb); + } + tx_buff->skb = skb; tx_buff->data_dma[0] = data_dma_addr; tx_buff->data_len[0] = skb->len; -- 2.43.0

3 months

1
0
0 0

[PATCH 5.10] fou: remove warn in gue_gro_receive on unsupported protocol

by Denis Arefev

From: Willem de Bruijn <willemb(a)google.com> commit dd89a81d850fa9a65f67b4527c0e420d15bf836c upstream. Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks"). Signed-off-by: Willem de Bruijn <willemb(a)google.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://lore.kernel.org/r/20240614122552.1649044-1-willemdebruijn.kernel@gm… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- Backport fix for CVE-2024-44940 Link: https://www.cve.org/CVERecord/?id=CVE-2024-44940 --- net/ipv4/fou.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c index 1d67df4d8ed6..b1a8e4eec3f6 100644 --- a/net/ipv4/fou.c +++ b/net/ipv4/fou.c @@ -453,7 +453,7 @@ static struct sk_buff *gue_gro_receive(struct sock *sk, offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads; ops = rcu_dereference(offloads[proto]); - if (WARN_ON_ONCE(!ops || !ops->callbacks.gro_receive)) + if (!ops || !ops->callbacks.gro_receive) goto out; pp = call_gro_receive(ops->callbacks.gro_receive, head, skb); -- 2.43.0

3 months

1
0
0 0

[PATCH 1/1] iommu/vt-d: Make intel_iommu_drain_pasid_prq() cover faults for RID

by Lu Baolu

This driver supports page faults on PCI RID since commit <9f831c16c69e> ("iommu/vt-d: Remove the pasid present check in prq_event_thread") by allowing the reporting of page faults with the pasid_present field cleared to the upper layer for further handling. The fundamental assumption here is that the detach or replace operations act as a fence for page faults. This implies that all pending page faults associated with a specific RID or PASID are flushed when a domain is detached or replaced from a device RID or PASID. However, the intel_iommu_drain_pasid_prq() helper does not correctly handle faults for RID. This leads to faults potentially remaining pending in the iommu hardware queue even after the domain is detached, thereby violating the aforementioned assumption. Fix this issue by extending intel_iommu_drain_pasid_prq() to cover faults for RID. Fixes: 9f831c16c69e ("iommu/vt-d: Remove the pasid present check in prq_event_thread") Cc: stable(a)vger.kernel.org Suggested-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/intel/prq.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel/prq.c b/drivers/iommu/intel/prq.c index c2d792db52c3..043f02d7b460 100644 --- a/drivers/iommu/intel/prq.c +++ b/drivers/iommu/intel/prq.c @@ -87,7 +87,8 @@ void intel_iommu_drain_pasid_prq(struct device *dev, u32 pasid) struct page_req_dsc *req; req = &iommu->prq[head / sizeof(*req)]; - if (!req->pasid_present || req->pasid != pasid) { + if (req->rid != sid || + (req->pasid_present && req->pasid != pasid)) { head = (head + sizeof(*req)) & PRQ_RING_MASK; continue; } -- 2.43.0

3 months

3
3
0 0

Integrated Systems Europe 2025 Exhibitors List!

by Grace Green

Hi, Are you interested in the latest attendee and exhibitor lists for Integrated Systems Europe 2025? This comprehensive database now includes last-minute registrants, providing you with up-to-date and actionable insights. Event Details: Dates: 04 - 07 Feb 2025 Location: Fira Barcelona Gran Via, Barcelona, Spain Exhibitors: 1,460 Attendees: 73,891 Data fields: Induvial Email address, Cell Phone Number, Contact Name, Job Title, Company Name, Company website, Physical Address and more), Would you like details on the attendees list, exhibitors list, or both? Let me know, and I’ll be happy to share pricing details and answer any questions. Looking forward to hearing from you! Best regards, Grace Green Sr. Demand Generation P.S. If you’d prefer not to receive updates, simply reply with “NO.”

3 months

1
0
0 0

[PATCH] cpufreq: s3c64xx: Fix compilation warning

by Viresh Kumar

The driver generates following warning when regulator support isn't enabled in the kernel. Fix it. drivers/cpufreq/s3c64xx-cpufreq.c: In function 's3c64xx_cpufreq_set_target': >> drivers/cpufreq/s3c64xx-cpufreq.c:55:22: warning: variable 'old_freq' set but not used [-Wunused-but-set-variable] 55 | unsigned int old_freq, new_freq; | ^~~~~~~~ >> drivers/cpufreq/s3c64xx-cpufreq.c:54:30: warning: variable 'dvfs' set but not used [-Wunused-but-set-variable] 54 | struct s3c64xx_dvfs *dvfs; | ^~~~ Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202501191803.CtfT7b2o-lkp@intel.com/ Cc: <stable(a)vger.kernel.org> # v5.4+ Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> --- drivers/cpufreq/s3c64xx-cpufreq.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/cpufreq/s3c64xx-cpufreq.c b/drivers/cpufreq/s3c64xx-cpufreq.c index c6bdfc308e99..8fc43a74cefb 100644 --- a/drivers/cpufreq/s3c64xx-cpufreq.c +++ b/drivers/cpufreq/s3c64xx-cpufreq.c @@ -51,15 +51,16 @@ static struct cpufreq_frequency_table s3c64xx_freq_table[] = { static int s3c64xx_cpufreq_set_target(struct cpufreq_policy *policy, unsigned int index) { - struct s3c64xx_dvfs *dvfs; - unsigned int old_freq, new_freq; + unsigned int new_freq = s3c64xx_freq_table[index].frequency; int ret; +#ifdef CONFIG_REGULATOR + struct s3c64xx_dvfs *dvfs; + unsigned int old_freq; + old_freq = clk_get_rate(policy->clk) / 1000; - new_freq = s3c64xx_freq_table[index].frequency; dvfs = &s3c64xx_dvfs_table[s3c64xx_freq_table[index].driver_data]; -#ifdef CONFIG_REGULATOR if (vddarm && new_freq > old_freq) { ret = regulator_set_voltage(vddarm, dvfs->vddarm_min, -- 2.31.1.272.g89b43f80a514

3 months

1
0
0 0

Kernel bug found in linux6.9-rc7

by ffhgfv

Hello, I found a bug titled “ kernel BUG in ocfs2_refcount_cal_cow_clusters” with modified syzkaller in the Linux6.9-rc7 relegated to oracle cluster file system. If you fix this issue, please add the following tag to the commit: Reported-by:jianzhou zhao <xnxc22xnxc22(a)qq.com> , xingwei lee < xrivendell7(a)gmail.com> ------------[ cut here ]------------ Title: 'kernel BUG in ocfs2_refcount_cal_cow_clusters'  ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. kernel BUG at fs/ocfs2/refcounttree.c:2684! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 7960 Comm: syz-executor385 Not tainted 6.9.0-rc7 #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:ocfs2_refcount_cal_cow_clusters+0x667/0x960 fs/ocfs2/refcounttree.c:2684 Code: f3 45 86 48 c7 c6 c0 32 5a 85 4d 8b 44 24 18 48 8b 48 40 48 8b 78 28 e8 67 29 05 00 41 89 c4 e9 e5 fd ff ff e8 4a 14 40 ff 90 <0f> 0b e8 42 14 40 ff 48 8b 55 a8 44 89 e8 44 89 fb 44 29 f8 89 02 RSP: 0018:ffff8880462cfba0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8880528b04d0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8880462cfc18 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 FS:  0000555576e563c0(0000) GS:ffff88807ec00000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000d000 CR3: 0000000045e3e000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace:  <TASK>  ocfs2_refcount_cow_hunk+0x98/0x550 fs/ocfs2/refcounttree.c:3394  ocfs2_refcount_cow+0x65/0x2e0 fs/ocfs2/refcounttree.c:3476  ocfs2_prepare_inode_for_write.isra.0+0x630/0x970 fs/ocfs2/file.c:2326  ocfs2_file_write_iter+0x23d/0xb10 fs/ocfs2/file.c:2435  call_write_iter include/linux/fs.h:2110 [inline]  new_sync_write fs/read_write.c:497 [inline]  vfs_write+0x5a0/0x6e0 fs/read_write.c:590  ksys_write+0x9b/0x160 fs/read_write.c:643  __do_sys_write fs/read_write.c:655 [inline]  __se_sys_write fs/read_write.c:652 [inline]  __x64_sys_write+0x21/0x40 fs/read_write.c:652  x64_sys_call+0x1889/0x2680 arch/x86/include/generated/asm/syscalls_64.h:2  do_syscall_x64 arch/x86/entry/common.c:52 [inline]  do_syscall_64+0xa8/0x1f0 arch/x86/entry/common.c:83  entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb511ea303d Code: c3 e8 c7 24 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff6b9aefa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb511ea303d RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000009 RBP: 00007fff6b9af040 R08: 0000000000000140 R09: 0000000000000140 R10: 0000000000000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00000000000f4240 R14: 00007fff6b9aefc4 R15: 00007fff6b9aefd0  </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:ocfs2_refcount_cal_cow_clusters+0x667/0x960 fs/ocfs2/refcounttree.c:2684 Code: f3 45 86 48 c7 c6 c0 32 5a 85 4d 8b 44 24 18 48 8b 48 40 48 8b 78 28 e8 67 29 05 00 41 89 c4 e9 e5 fd ff ff e8 4a 14 40 ff 90 <0f> 0b e8 42 14 40 ff 48 8b 55 a8 44 89 e8 44 89 fb 44 29 f8 89 02 RSP: 0018:ffff8880462cfba0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8880528b04d0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8880462cfc18 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 FS:  0000555576e563c0(0000) GS:ffff88807ec00000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000d000 CR3: 0000000045e3e000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 ================================================================== The commit of the kernel I used is “dd5a440a31fae6e459c0d6271dddd62825505361”  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd5a440a31fae6e459c0d6271dddd62825505361 Kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=7144… Complier: gcc 11.4.0 The repro is shown in annex repro.c.txt I hope it helps. Best regards Jianzhou Zhao, Xingwei Lee.

3 months

2
2
0 0

BUG ? exc_page_fault() was optimized out of fred_hwexc() by gcc with default kernel build option (-O2).

by Ethan Zhao

Hi, Xin, Peter While checking the asm code of arch/x86/entry/entry_fred.o about function fred_hwexc(), found the code was generated as following : 0000000000000200 <fred_hwexc.constprop.0>: 200: 0f b6 87 a4 00 00 00 movzbl 0xa4(%rdi),%eax 207: 3c 0e cmp $0xe,%al /* match X86_TRAP_PF */ 209: 75 05 jne 210 <fred_hwexc.constprop.0+0x10> 20b: e9 00 00 00 00 jmp 210 <fred_hwexc.constprop.0+0x10> 210: 3c 0b cmp $0xb,%al 212: 74 6a je 27e <fred_hwexc.constprop.0+0x7e> 214: 77 17 ja 22d <fred_hwexc.constprop.0+0x2d> 216: 3c 06 cmp $0x6,%al 218: 0f 84 83 00 00 00 je 2a1 <fred_hwexc.constprop.0+0xa1> 21e: 76 29 jbe 249 <fred_hwexc.constprop.0+0x49> 220: 3c 08 cmp $0x8,%al 222: 74 78 je 29c <fred_hwexc.constprop.0+0x9c> 224: 3c 0a cmp $0xa,%al 226: 75 18 jne 240 <fred_hwexc.constprop.0+0x40> 228: e9 00 00 00 00 jmp 22d <fred_hwexc.constprop.0+0x2d> 22d: 3c 11 cmp $0x11,%al 22f: 74 66 je 297 <fred_hwexc.constprop.0+0x97> 231: 76 2c jbe 25f <fred_hwexc.constprop.0+0x5f> 233: 3c 13 cmp $0x13,%al 235: 74 5b je 292 <fred_hwexc.constprop.0+0x92> 237: 3c 15 cmp $0x15,%al 239: 75 1b jne 256 <fred_hwexc.constprop.0+0x56> 23b: e9 00 00 00 00 jmp 240 <fred_hwexc.constprop.0+0x40> 240: 3c 07 cmp $0x7,%al 242: 75 49 jne 28d <fred_hwexc.constprop.0+0x8d> 244: e9 00 00 00 00 jmp 249 <fred_hwexc.constprop.0+0x49> 249: 3c 01 cmp $0x1,%al 24b: 74 3b je 288 <fred_hwexc.constprop.0+0x88> 24d: 3c 05 cmp $0x5,%al 24f: 75 1b jne 26c <fred_hwexc.constprop.0+0x6c> 251: e9 00 00 00 00 jmp 256 <fred_hwexc.constprop.0+0x56> 256: 3c 12 cmp $0x12,%al 258: 75 33 jne 28d <fred_hwexc.constprop.0+0x8d> 25a: e9 00 00 00 00 jmp 25f <fred_hwexc.constprop.0+0x5f> seems the following calling to exc_page_fault() was optimized out from fred_hwexc() by gcc, if(likely(regs->fred_ss.vector==X86_TRAP_PF)) returnexc_page_fault(regs,error_code); gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) GNU objdump (GNU Binutils) 2.43 default kernel config. .config:CONFIG_X86_FRED=y my understanding, -O2 is the default kernel KBUILD_CFLAGS So, Are there any workaround needed to make the kernel works with default build ? or just as Peter said in another loop, manually loading some event bits to make the over-smart gcc behave normally ？or fall back to -O(ption)0 ? Any idea, much appreciated ! Thanks, Ethan

3 months

3
3
0 0

Linux 6.1.126

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.126 kernel. Only upgrade if 6.1.125 did not build properly for you. If it did build properly, no need to upgrade. Thanks to Ron Economos for the fix for this issue. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/usb/host/xhci-pci.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) Greg Kroah-Hartman (1): Linux 6.1.126 Ron Economos (1): Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals

3 months

1
1
0 0

[PATCH 6.1] Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals

by Ron Economos

commit 9734fd7a27772016b1f6e31a03258338a219d7d6 This fixes the build when CONFIG_PM is not set Signed-off-by: Ron Economos <re(a)w6rz.net> --- drivers/usb/host/xhci-pci.c | 8 +++++++- include/linux/usb/hcd.h | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 1d71e8ef9919..2ff049e02326 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -571,6 +571,7 @@ static void xhci_pci_remove(struct pci_dev *dev) pci_set_power_state(dev, PCI_D3hot); } +#ifdef CONFIG_PM /* * In some Intel xHCI controllers, in order to get D3 working, * through a vendor specific SSIC CONFIG register at offset 0x883c, @@ -720,6 +721,7 @@ static void xhci_pci_shutdown(struct usb_hcd *hcd) if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) pci_set_power_state(pdev, PCI_D3hot); } +#endif /* CONFIG_PM */ /*-------------------------------------------------------------------------*/ @@ -761,17 +763,21 @@ static struct pci_driver xhci_pci_driver = { /* suspend and resume implemented later */ .shutdown = usb_hcd_pci_shutdown, +#ifdef CONFIG_PM .driver = { - .pm = pm_ptr(&usb_hcd_pci_pm_ops), + .pm = &usb_hcd_pci_pm_ops }, +#endif }; static int __init xhci_pci_init(void) { xhci_init_driver(&xhci_pci_hc_driver, &xhci_pci_overrides); +#ifdef CONFIG_PM xhci_pci_hc_driver.pci_suspend = xhci_pci_suspend; xhci_pci_hc_driver.pci_resume = xhci_pci_resume; xhci_pci_hc_driver.shutdown = xhci_pci_shutdown; +#endif return pci_register_driver(&xhci_pci_driver); } module_init(xhci_pci_init); diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h index 575716d3672a..cd667acf6267 100644 --- a/include/linux/usb/hcd.h +++ b/include/linux/usb/hcd.h @@ -486,7 +486,9 @@ extern void usb_hcd_pci_shutdown(struct pci_dev *dev); extern int usb_hcd_amd_remote_wakeup_quirk(struct pci_dev *dev); +#ifdef CONFIG_PM extern const struct dev_pm_ops usb_hcd_pci_pm_ops; +#endif #endif /* CONFIG_USB_PCI */ /* pci-ish (pdev null is ok) buffer alloc/mapping support */ -- 2.43.0

3 months

5
5
0 0

[PATCH v2 RESEND] phy: Fix error handling in tegra_xusb_port_init

by Ma Ke

If device_add() fails, do not use device_unregister() for error handling. device_unregister() consists two functions: device_del() and put_device(). device_unregister() should only be called after device_add() succeeded because device_del() undoes what device_add() does if successful. Change device_unregister() to put_device() call before returning from the function. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 53d2a715c240 ("phy: Add Tegra XUSB pad controller support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the bug description as suggestions. --- drivers/phy/tegra/xusb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c index 79d4814d758d..c89df95aa6ca 100644 --- a/drivers/phy/tegra/xusb.c +++ b/drivers/phy/tegra/xusb.c @@ -548,16 +548,16 @@ static int tegra_xusb_port_init(struct tegra_xusb_port *port, err = dev_set_name(&port->dev, "%s-%u", name, index); if (err < 0) - goto unregister; + goto put_device; err = device_add(&port->dev); if (err < 0) - goto unregister; + goto put_device; return 0; -unregister: - device_unregister(&port->dev); +put_device: + put_device(&port->dev); return err; } -- 2.25.1

3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2025