Re: [PATCH] PCI: fix a memory leak of pci_host_bridge on error path

Bjorn Helgaas <bhelgaas@xxxxxxxxxx> · Wed, 29 Jan 2014 17:46:31 -0700

On Wed, Jan 29, 2014 at 5:23 PM, Yinghai Lu <yinghai@xxxxxxxxxx> wrote:
> On Wed, Jan 29, 2014 at 3:12 PM, Bjorn Helgaas <bhelgaas@xxxxxxxxxx> wrote:
>> On Wed, Jan 15, 2014 at 12:11:19AM +0100, Djalal Harouni wrote:
>>> On error paths make sure that the pci_host_bridge struct is freed.
>>>
>>> Signed-off-by: Djalal Harouni <tixxdz@xxxxxxxxxx>
>>
>> Applied to pci/misc, thanks!
>>
>>> ---
>>> On top of linux-next.
>>>
>>>  drivers/pci/probe.c | 10 +++++-----
>>>  1 file changed, 5 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
>>> index 23cdfac..483566c 100644
>>> --- a/drivers/pci/probe.c
>>> +++ b/drivers/pci/probe.c
>>> @@ -1771,15 +1771,13 @@ struct pci_bus *pci_create_root_bus(struct device *parent, int bus,
>>>       bridge->dev.release = pci_release_host_bridge_dev;
>>>       dev_set_name(&bridge->dev, "pci%04x:%02x", pci_domain_nr(b), bus);
>>>       error = pcibios_root_bridge_prepare(bridge);
>>> -     if (error) {
>>> -             kfree(bridge);
>>> -             goto err_out;
>>> -     }
>>> +     if (error)
>>> +             goto host_bridge_err;
>>>
>>>       error = device_register(&bridge->dev);
>>>       if (error) {
>>>               put_device(&bridge->dev);
>>> -             goto err_out;
>>> +             goto host_bridge_err;
>>>       }
>>>       b->bridge = get_device(&bridge->dev);
>>>       device_enable_async_suspend(b->bridge);
>>> @@ -1836,6 +1834,8 @@ struct pci_bus *pci_create_root_bus(struct device *parent, int bus,
>>>  class_dev_reg_err:
>>>       put_device(&bridge->dev);
>>>       device_unregister(&bridge->dev);
>>> +host_bridge_err:
>>> +     kfree(bridge);
>>>  err_out:
>>>       kfree(b);
>>>       return NULL;
>>> --
>
> Are you joking?
>
> NAK.
>
> even device_register fail,it will have one ref hold, and
> put_device(&bridge->dev)
> it will trigger bridge->dev.release aka pci_release_host_bridge_dev;
> that function will free the bridge.
> You will have double free.

OK, dropped, thanks.  I wasn't joking, I just made a mistake.

> commit 343df771e671d821478dd3ef525a0610b808dbf8
> Author: Jiang Liu <liuj97@xxxxxxxxx>
> Date:   Fri Jun 7 01:10:08 2013 +0800
>
>     PCI: Fix refcount issue in pci_create_root_bus() error recovery path
>
>     After calling device_register(&bridge->dev), the bridge is reference-
>     counted, and it is illegal to call kfree() on it except in the release
>     function.
>
>     [bhelgaas: changelog, use put_device() after device_register() failure]
>     Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx>
>     Signed-off-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
>     Cc: stable@xxxxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html