Using ipu_bridge_get_ivsc_csi_dev() to locate the device could cause an imbalance in the device's reference count. ipu_bridge_get_ivsc_csi_dev() calls device_find_child_by_name() to implement the localization, and device_find_child_by_name() calls an implicit get_device() to increment the device's reference count before returning the pointer. Throughout the entire implementation process, no mechanism releases resources properly. This leads to a memory leak because the reference count of the device is never decremented.

As the comment of device_find_child_by_name() says, 'NOTE: you will need to drop the reference with put_device() after use'.

Found by code review.

Cc: stable@vger.kernel.org Fixes: c66821f381ae ("media: pci: intel: Add IVSC support for IPU bridge driver") Signed-off-by: Ma Ke make24@iscas.ac.cn --- drivers/media/pci/intel/ipu-bridge.c | 1 + 1 file changed, 1 insertion(+)

diff --git a/drivers/media/pci/intel/ipu-bridge.c b/drivers/media/pci/intel/ipu-bridge.c index 83e682e1a4b7..f8b4672accab 100644 --- a/drivers/media/pci/intel/ipu-bridge.c +++ b/drivers/media/pci/intel/ipu-bridge.c @@ -192,6 +192,7 @@ static int ipu_bridge_check_ivsc_dev(struct ipu_sensor *sensor,

sensor->csi_dev = csi_dev; sensor->ivsc_adev = adev; + put_device(csi_dev); }

return 0;