floppy: fix reference leak on platform_device_register() failure

When platform_device_register() fails in do_floppy_init(), the embedded
struct device in floppy_device[drive] has already been initialized by
device_initialize(), but the failure path jumps to out_remove_drives
without dropping the device reference for the current drive.

Previously registered floppy devices are cleaned up in out_remove_drives,
but the device for the drive that fails registration is not, leading to
a reference leak.

The issue was identified by a static analysis tool I developed and
confirmed by manual review. Fix this by calling put_device() for the
current floppy device before jumping to the common cleanup path.

Fixes: 94fd0db7bfb4a ("[PATCH] Floppy: Add cmos attribute to floppy driver")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
Link: https://patch.msgid.link/20260415145708.3331818-1-lgs201920130244@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index 0509746f8aed01b291d07cc463d2053994c1121e..a028bf6b8ae2bb95a46e5690191669a6e41ddfb0 100644 (file)
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -4722,15 +4722,19 @@ static int __init do_floppy_init(void)
                floppy_device[drive].dev.groups = floppy_dev_groups;
 
                err = platform_device_register(&floppy_device[drive]);
-               if (err)
+               if (err) {
+                       platform_device_put(&floppy_device[drive]);
                        goto out_remove_drives;
-
+               }
                registered[drive] = true;
 
                err = device_add_disk(&floppy_device[drive].dev,
                                      disks[drive][0], NULL);
-               if (err)
+               if (err) {
+                       platform_device_unregister(&floppy_device[drive]);
+                       registered[drive] = false;
                        goto out_remove_drives;
+               }
        }
 
        return 0;