2022-04-13 00:01:27

by Hangyu Hua

[permalink] [raw]
Subject: [PATCH v3] usb: usbip: fix a refcount leak in stub_probe()

usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
after that, usb_put_dev() needs to be called to release the reference.

Fix this by moving usb_put_dev() to sdev_free error path handling.

Find this by code review.

Fixes: 3ff67445750a ("usbip: fix error handling in stub_probe()")
Signed-off-by: Hangyu Hua <[email protected]>
Reviewed-by: Shuah Khan <[email protected]>
---

v2: add more description of this patch.

v3: add how to find the problem.

drivers/usb/usbip/stub_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c
index d8d3892e5a69..3c6d452e3bf4 100644
--- a/drivers/usb/usbip/stub_dev.c
+++ b/drivers/usb/usbip/stub_dev.c
@@ -393,7 +393,6 @@ static int stub_probe(struct usb_device *udev)

err_port:
dev_set_drvdata(&udev->dev, NULL);
- usb_put_dev(udev);

/* we already have busid_priv, just lock busid_lock */
spin_lock(&busid_priv->busid_lock);
@@ -408,6 +407,7 @@ static int stub_probe(struct usb_device *udev)
put_busid_priv(busid_priv);

sdev_free:
+ usb_put_dev(udev);
stub_device_free(sdev);

return rc;
--
2.25.1