When platform_device_register() fails in adbdev_init(), the embedded
struct device in adb_pfdev has already been initialized by
device_initialize(), but the failure path does not drop the device
reference for the current platform device:
adbdev_init()
platform_device_register(&adb_pfdev)
device_initialize(&adb_pfdev.dev)
setup_pdev_dma_masks(&adb_pfdev)
return platform_device_add(&adb_pfdev)
As documented in platform_device_register(), the caller must use
platform_device_put() to give up the reference initialized in this
function when registration fails.
This leads to a reference leak when platform_device_register() fails.
Fix this by checking the return value and calling platform_device_put().
The issue was identified by a static analysis tool I developed and
confirmed by manual review.
Fixes: c9f6d3d5c6d4f ("[POWERPC] adb: Replace sleep notifier with platform
driver suspend/resume hooks")
Cc: [email protected]
Signed-off-by: Guangshuo Li <[email protected]>
---
drivers/macintosh/adb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/macintosh/adb.c b/drivers/macintosh/adb.c
index fe150125e099..eff06f78aa80 100644
--- a/drivers/macintosh/adb.c
+++ b/drivers/macintosh/adb.c
@@ -883,6 +883,8 @@ adb_dummy_probe(struct platform_device *dev)
static void __init
adbdev_init(void)
{
+ int err;
+
if (register_chrdev(ADB_MAJOR, "adb", &adb_fops)) {
pr_err("adb: unable to get major %d\n", ADB_MAJOR);
return;
@@ -893,6 +895,9 @@ adbdev_init(void)
device_create(&adb_dev_class, NULL, MKDEV(ADB_MAJOR, 0), NULL, "adb");
- platform_device_register(&adb_pfdev);
+ err = platform_device_register(&adb_pfdev);
+ if (err)
+ platform_device_put(&adb_pfdev);
+
platform_driver_probe(&adb_pfdrv, adb_dummy_probe);
}
--
2.43.0
