[PATCH] i3c: fix refcount inconsistency in i3c_master_register
Frank Li
Frank.li at nxp.com
Thu Oct 9 09:17:11 PDT 2025
On Wed, Oct 08, 2025 at 03:27:09PM +0800, Shuhao Fu wrote:
> In `i3c_master_register`, a possible refcount inconsistency has been
> identified, causing possible resource leak.
>
> Function `of_node_get` increases the refcount of `parent->of_node`. If
> function `i3c_bus_init` fails, the function returns immediately without
> a corresponding decrease, resulting in an inconsistent refcounter.
>
> In this patch, an extra goto label is added to ensure the balance of
> refcount when `i3c_bus_init` fails.
>
> Fixes: 3a379bbcea0a ("i3c: Add core I3C infrastructure")
> Signed-off-by: Shuhao Fu <sfual at cse.ust.hk>
> ---
> drivers/i3c/master.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c
> index d946db75d..9f4fe98d2 100644
> --- a/drivers/i3c/master.c
> +++ b/drivers/i3c/master.c
> @@ -2885,7 +2885,7 @@ int i3c_master_register(struct i3c_master_controller *master,
>
> ret = i3c_bus_init(i3cbus, master->dev.of_node);
> if (ret)
> - return ret;
> + goto err_put_of_node;
I think it'd better to set release function for master dev to release
of_node because of_node_put() also missed at i3c_master_unregister()
you can refer drivers/base/platform.c
Frank
>
> device_initialize(&master->dev);
> dev_set_name(&master->dev, "i3c-%d", i3cbus->id);
> @@ -2973,6 +2973,9 @@ int i3c_master_register(struct i3c_master_controller *master,
> err_put_dev:
> put_device(&master->dev);
>
> +err_put_of_node:
> + of_node_put(master->dev.of_node);
> +
> return ret;
> }
> EXPORT_SYMBOL_GPL(i3c_master_register);
> --
> 2.39.5 (Apple Git-154)
>
>
> --
> linux-i3c mailing list
> linux-i3c at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-i3c
More information about the linux-i3c
mailing list