[PATCH] Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"

Zhe Qiao posted 1 patch 3 months, 3 weeks ago
[PATCH] Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"
Posted by Zhe Qiao 3 months, 3 weeks ago
This reverts commit 631b2af2f35737750af284be22e63da56bf20139.

The reverted patch causes the 'ri->cfg' and 'root_ops' resources to be
released multiple times.

When acpi_pci_root_create() fails, these resources have already been
released internally by the __acpi_pci_root_release_info() function.
Releasing them again in pci_acpi_scan_root() leads to incorrect behavior
and potential memory issues.

We plan to resolve the issue using a more appropriate fix.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/aEmdnuw715btq7Q5@stanley.mountain/
Cc: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Zhe Qiao <qiaozhe@iscas.ac.cn>
---
 drivers/pci/pci-acpi.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
index b78e0e417324..af370628e583 100644
--- a/drivers/pci/pci-acpi.c
+++ b/drivers/pci/pci-acpi.c
@@ -1676,19 +1676,24 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
 		return NULL;
 
 	root_ops = kzalloc(sizeof(*root_ops), GFP_KERNEL);
-	if (!root_ops)
-		goto free_ri;
+	if (!root_ops) {
+		kfree(ri);
+		return NULL;
+	}
 
 	ri->cfg = pci_acpi_setup_ecam_mapping(root);
-	if (!ri->cfg)
-		goto free_root_ops;
+	if (!ri->cfg) {
+		kfree(ri);
+		kfree(root_ops);
+		return NULL;
+	}
 
 	root_ops->release_info = pci_acpi_generic_release_info;
 	root_ops->prepare_resources = pci_acpi_root_prepare_resources;
 	root_ops->pci_ops = (struct pci_ops *)&ri->cfg->ops->pci_ops;
 	bus = acpi_pci_root_create(root, root_ops, &ri->common, ri->cfg);
 	if (!bus)
-		goto free_cfg;
+		return NULL;
 
 	/* If we must preserve the resource configuration, claim now */
 	host = pci_find_host_bridge(bus);
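
Review bot: The bare `return NULL` under `if (!bus)` carries no comment saying that acpi_pci_root_create() has already released `ri->cfg` and `root_ops` on failure, which the commit message gives as the reason for this revert. Next to the two explicit kfree() branches above it, the path reads like a leak and invites the same kind of cleanup the reverted commit added. Suggest a one-line comment at that return, for example `/* on failure acpi_pci_root_create() has released ri->cfg and root_ops via __acpi_pci_root_release_info() */`.
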
@@ -1705,14 +1710,6 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
 		pcie_bus_configure_settings(child);
 
 	return bus;
-
-free_cfg:
-	pci_ecam_free(ri->cfg);
-free_root_ops:
-	kfree(root_ops);
-free_ri:
-	kfree(ri);
-	return NULL;
 }
 
 void pcibios_add_bus(struct pci_bus *bus)
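
Review bot: Removing `free_root_ops:` and `free_ri:` together with `free_cfg:` goes further than the double release described in the commit message requires. The `goto free_ri` and `goto free_root_ops` sites in the first hunk run before acpi_pci_root_create() is called, so by the commit message's account only the jump to `free_cfg:` released anything twice. As a straight revert this is fine; for the planned follow-up, consider keeping the label-based unwinding for the two early failures and leaving only the `if (!bus)` path as a plain `return NULL`, which avoids the repeated kfree() calls in each branch.
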
-- 
2.43.0
Re: [PATCH] Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"
Posted by Dan Carpenter 3 months, 3 weeks ago
On Thu, Jun 19, 2025 at 03:26:08PM +0800, Zhe Qiao wrote:
> This reverts commit 631b2af2f35737750af284be22e63da56bf20139.
> 
> The reverted patch causes the 'ri->cfg' and 'root_ops' resources to be
> released multiple times.
> 
> When acpi_pci_root_create() fails, these resources have already been
> released internally by the __acpi_pci_root_release_info() function.
> Releasing them again in pci_acpi_scan_root() leads to incorrect behavior
> and potential memory issues.
> 
> We plan to resolve the issue using a more appropriate fix.
> 
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Closes: https://lore.kernel.org/all/aEmdnuw715btq7Q5@stanley.mountain/
> Cc: Dan Carpenter <dan.carpenter@linaro.org>
> Signed-off-by: Zhe Qiao <qiaozhe@iscas.ac.cn>

Acked-by: Dan Carpenter <dan.carpenter@linaro.org>

Reverting is probably the simplest option.  There is still an issue in
the code where in acpi_pci_root_create() the goto out_release_info
doesn't free sysdata except on the last goto.  So there is a small
leak.  But it's probably more theoretical than real.

regards,
dan carpenter
Re: [PATCH] Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()"
Posted by Rafael J. Wysocki 3 months, 2 weeks ago
On Thu, Jun 19, 2025 at 4:30 PM Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> On Thu, Jun 19, 2025 at 03:26:08PM +0800, Zhe Qiao wrote:
> > This reverts commit 631b2af2f35737750af284be22e63da56bf20139.
> >
> > The reverted patch causes the 'ri->cfg' and 'root_ops' resources to be
> > released multiple times.
> >
> > When acpi_pci_root_create() fails, these resources have already been
> > released internally by the __acpi_pci_root_release_info() function.
> > Releasing them again in pci_acpi_scan_root() leads to incorrect behavior
> > and potential memory issues.
> >
> > We plan to resolve the issue using a more appropriate fix.
> >
> > Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Closes: https://lore.kernel.org/all/aEmdnuw715btq7Q5@stanley.mountain/
> > Cc: Dan Carpenter <dan.carpenter@linaro.org>
> > Signed-off-by: Zhe Qiao <qiaozhe@iscas.ac.cn>
>
> Acked-by: Dan Carpenter <dan.carpenter@linaro.org>
>
> Reverting is probably the simplest option.  There is still an issue in
> the code where in acpi_pci_root_create() the goto out_release_info
> doesn't free sysdata except on the last goto.  So there is a small
> leak.  But it's probably more theoretical than real.

Applied as 6.16-rc material, thanks!