On Fri, Jun 07, 2013 at 01:10:08AM +0800, Jiang Liu wrote: > On pci_create_root_bus() error recovery path, device_unregister(&bridge->dev) > should have freed memory used by bridge, so we shouldn't call kfree(bridge) > again, it's a double free. > > On the other hand, we should not use kfree() to free memory used by > device object once we have invoked device_register() because it's > reference-counted. > > Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx > --- > Hi Bjorn, > This is the patch to fix the kfree() issue, it may be a material > for stable trees. > Thanks! > Gerry > --- > drivers/pci/probe.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) > > diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c > index 8882b5d..2f81a0a 100644 > --- a/drivers/pci/probe.c > +++ b/drivers/pci/probe.c > @@ -1729,12 +1729,16 @@ struct pci_bus *pci_create_root_bus(struct device *parent, int bus, > bridge->dev.release = pci_release_bus_bridge_dev; > dev_set_name(&bridge->dev, "pci%04x:%02x", pci_domain_nr(b), bus); > error = pcibios_root_bridge_prepare(bridge); > - if (error) > - goto bridge_dev_reg_err; > + if (error) { > + kfree(bridge); > + goto err_out; > + } > > error = device_register(&bridge->dev); > - if (error) > - goto bridge_dev_reg_err; > + if (error) { > + kfree(bridge); Per device_register() comment, this should be a put_device(). I added this patch with that change to my pci/jiang-bus-lock-v3 branch. I know a subsequent patch removes this anyway. I might be a little obsessive. > + goto err_out; > + } > b->bridge = get_device(&bridge->dev); > device_enable_async_suspend(b->bridge); > pci_set_bus_of_node(b); > @@ -1790,8 +1794,6 @@ struct pci_bus *pci_create_root_bus(struct device *parent, int bus, > class_dev_reg_err: > put_device(&bridge->dev); > device_unregister(&bridge->dev); > -bridge_dev_reg_err: > - kfree(bridge); > err_out: > kfree(b); > return NULL; > -- > 1.8.1.2 > -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html