nfc_genl_dump_targets() increments the device reference count via nfc_get_device() but fails to decrement it properly. nfc_get_device() calls class_find_device() which internally calls get_device() to increment the reference count. No corresponding put_device() is made to decrement the reference count.
Add proper reference count decrementing using nfc_put_device() when the dump operation completes or encounters an error, ensuring balanced reference counting.
Found by code review.
Cc: stable@vger.kernel.org
Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
Signed-off-by: Ma Ke make24@iscas.ac.cn
---
net/nfc/netlink.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index a18e2c503da6..9ae138ee91dd 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb,
cb->args[0] = i;
+ if (rc < 0 || i >= dev->n_targets) { + nfc_put_device(dev); + cb->args[1] = 0; + } + return skb->len; }
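Review bot: the nfc_put_device(dev) added at the end of nfc_genl_dump_targets() is not justified against the dump's completion path. The commit message says no put exists but never mentions nfc_genl_dump_targets_done(); if that callback already releases the device after the dump finishes, the put added here is redundant at best and can unbalance the count in the other direction. Please state in the commit message where the reference taken by nfc_get_device() is released today (or show that it is not), and explain why cb->args[1] is cleared next to the put and what a later call into this function is expected to do once it has been cleared.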
On Sun, 14 Dec 2025 21:17:26 +0800 Ma Ke make24@iscas.ac.cn wrote:
> nfc_genl_dump_targets() increments the device reference count via nfc_get_device() but fails to decrement it properly. nfc_get_device() calls class_find_device() which internally calls get_device() to increment the reference count. No corresponding put_device() is made to decrement the reference count.
> Add proper reference count decrementing using nfc_put_device() when the dump operation completes or encounters an error, ensuring balanced reference counting.
> Found by code review.
Is that some half-hearted AI code review?
Isn't the 'put' done by nfc_genl_dump_targets_done() which it looks like the outer code calls sometime later on?
David
> Cc: stable@vger.kernel.org
> Fixes: 4d12b8b129f1 ("NFC: add nfc generic netlink interface")
> Signed-off-by: Ma Ke make24@iscas.ac.cn
>
> net/nfc/netlink.c | 5 +++++
> 1 file changed, 5 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index a18e2c503da6..9ae138ee91dd 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -159,6 +159,11 @@ static int nfc_genl_dump_targets(struct sk_buff *skb, cb->args[0] = i;
- if (rc < 0 || i >= dev->n_targets) {
nfc_put_device(dev);cb->args[1] = 0;- }
- return skb->len;
}
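The reply above asks whether the put already happens in the done callback. The following user-space C model is an added example, not kernel code and not part of the thread, showing how a get in the dump callback balances against a put in the done callback. All struct and function names are hypothetical, and it assumes the dump callback takes its reference on the first call and that the outer code calls done once after the dump callback stops emitting.

```c
#include <stdio.h>
#include <stdint.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct model_dev { int refs; int n_targets; };
struct model_cb  { uintptr_t args[2]; }; /* [0]: next index, [1]: held device */

static void model_get(struct model_dev *d) { d->refs++; }
static void model_put(struct model_dev *d) { d->refs--; }

/* Dump callback: takes one reference on the first call, then emits at most
 * `room` targets per call. Returns the number emitted; 0 means finished. */
static int model_dump(struct model_cb *cb, struct model_dev *d, int room)
{
    int i = (int)cb->args[0], sent = 0;

    if (!cb->args[1]) {                  /* first call of this dump */
        model_get(d);
        cb->args[1] = (uintptr_t)d;
    }
    while (i < d->n_targets && sent < room) { i++; sent++; }
    cb->args[0] = (uintptr_t)i;
    return sent;
}

/* Done callback: releases whatever reference the dump is still holding. */
static void model_done(struct model_cb *cb)
{
    struct model_dev *d = (struct model_dev *)cb->args[1];
    if (d) { model_put(d); cb->args[1] = 0; }
}

/* Drive one full dump the way the outer code is assumed to: call the dump
 * callback until it emits nothing, then (optionally) call done.
 * Returns the net change in the reference count across the whole dump. */
static int run_dump(int n_targets, int room, int call_done)
{
    struct model_dev d = { 1, n_targets }; /* constructed: one base reference */
    struct model_cb cb = { { 0, 0 } };

    while (model_dump(&cb, &d, room) > 0)
        ;
    if (call_done)
        model_done(&cb);
    return d.refs - 1;
}

int main(void)
{
    printf("with done: %+d, without done: %+d\n",
           run_dump(5, 2, 1), run_dump(5, 2, 0));
    return 0;
}
```

In this model the count only leaks when the done callback is never run, so a claim of a missing put has to be checked against both callbacks, not the dump function alone.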
On Sun, 2025-12-14 at 13:54 +0000, David Laight wrote:
> On Sun, 14 Dec 2025 21:17:26 +0800 Ma Ke make24@iscas.ac.cn wrote:
> > nfc_genl_dump_targets() increments the device reference count via nfc_get_device() but fails to decrement it properly. nfc_get_device() calls class_find_device() which internally calls get_device() to increment the reference count. No corresponding put_device() is made to decrement the reference count.
> > Add proper reference count decrementing using nfc_put_device() when the dump operation completes or encounters an error, ensuring balanced reference counting.
> > Found by code review.
> Is that some half-hearted AI code review?
Probably. They also resubmitted the same patch after being told 3 weeks ago to go away.
johannes
On 14/12/2025 14:17, Ma Ke wrote:
> nfc_genl_dump_targets() increments the device reference count via nfc_get_device() but fails to decrement it properly. nfc_get_device() calls class_find_device() which internally calls get_device() to increment the reference count. No corresponding put_device() is made to decrement the reference count.
> Add proper reference count decrementing using nfc_put_device() when the dump operation completes or encounters an error, ensuring balanced reference counting.
> Found by code review.
NAK, you completely ignore reviewers and send the same. That's not acceptable.
Best regards, Krzysztof
linux-stable-mirror@lists.linaro.org