Re: [PATCH v2] bluetooth: bcm203x: update the reference count of udev

[Salah Triki]

On Sun, Aug 01, 2021 at 08:01:06PM +0200, Marcel Holtmann wrote:
> Hi Salah,
> 
> > Use usb_get_dev() to increment the reference count of the usb device
> > structure in order to avoid releasing the structure while it is still in
> > use. And use usb_put_dev() to decrement the reference count and thus,
> > when it will be equal to 0 the structure will be released.
> > 
> > Signed-off-by: Salah Triki <salah.triki@xxxxxxxxx>
> > ---
> > Change since v1:
> > 	Modification of the description
> > 
> > drivers/bluetooth/bcm203x.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c
> > index e667933c3d70..547d35425d70 100644
> > --- a/drivers/bluetooth/bcm203x.c
> > +++ b/drivers/bluetooth/bcm203x.c
> > @@ -166,7 +166,7 @@ static int bcm203x_probe(struct usb_interface *intf, const struct usb_device_id
> > 	if (!data)
> > 		return -ENOMEM;
> > 
> > -	data->udev  = udev;
> > +	data->udev  = usb_get_dev(udev);
> > 	data->state = BCM203X_LOAD_MINIDRV;
> > 
> > 	data->urb = usb_alloc_urb(0, GFP_KERNEL);
> > @@ -244,6 +244,8 @@ static void bcm203x_disconnect(struct usb_interface *intf)
> > 
> > 	usb_set_intfdata(intf, NULL);
> > 
> > +	usb_put_dev(data->udev);
> > +
> > 	usb_free_urb(data->urb);
> > 	kfree(data->fw_data);
> > 	kfree(data->buffer);
> 
> I do not understand this. If this is something broken, then it is broken in
> btusb.c as well and that driver is heavily used by all sorts of devices. So
> we should have seen bug reports about this.
> 
> Regards
> 
> Marcel
> 
Hi Marcel,

The patch is based on the following documentation of usb_get_dev():

[quote]
Each live reference to a device should be refcounted.

Drivers for USB interfaces should normally record such references in their
probe() methods, when they bind to an interface, and release them by calling 
usb_put_dev(), in their disconnect() methods.
[/quote]

Regards

Salah