-
On Fri, May 28, 2021 at 9:33 PM Dan Carpenter dan.carpenter@oracle.com wrote:
On Fri, May 28, 2021 at 09:17:57PM +0800, Dongliang Mu wrote:
The snd_ctl_led_sysfs_add and snd_ctl_led_sysfs_remove should contain the refcount operations in pair. However, snd_ctl_led_sysfs_remove fails to decrease the refcount to zero, which causes device_release never to be invoked. This leads to memory leak to some resources, like struct device_private.
Fix this by calling put_device at the end of snd_ctl_led_sysfs_remove
Reported-by: syzbot+08a7d8b51ea048a74ffb@syzkaller.appspotmail.com Fixes: a135dfb5de1 ("ALSA: led control - add sysfs kcontrol LED marking layer") Signed-off-by: Dongliang Mu mudongliangabcd@gmail.com
sound/core/control_led.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/sound/core/control_led.c b/sound/core/control_led.c index 25f57c14f294..fff2688b5019 100644 --- a/sound/core/control_led.c +++ b/sound/core/control_led.c @@ -371,6 +371,10 @@ static void snd_ctl_led_disconnect(struct snd_card *card) snd_ctl_led_refresh(); }
+static void snd_ctl_led_release(struct device *dev) +{ +}
Whatever you're trying to do, adding a dummy function is never the answer.
I see your point. This function I added is not to fix the root cause, but to fix an issue caused by the release function when the device is released.
The put_device is to fix the root cause(i.e., decrease the refcount to zero), however, the result is dev->p and kobject can be freed, but it will trigger a WARN [1] as it has no release method.
I don't know how to craft a release method for such a device. So this dummy function is generated following the default_release, also a dummy function.
Can you please give some advise on how to fix this WARN issue?
[1] https://elixir.bootlin.com/linux/latest/source/drivers/base/core.c#L2110
regards, dan carpenter