1. Patchew
  2. linux
  3. View series

[PATCH] ACPI: power: Use put_device() in power resource add error path

Guangshuo Li posted 1 patch 2 months, 1 week ago 
drivers/acpi/power.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] ACPI: power: Use put_device() in power resource add error path
Posted by Guangshuo Li 2 months, 1 week ago 
After device_initialize(), the lifetime of struct device is managed by
the driver core through reference counting.

acpi_add_power_resource() initializes device->dev via
acpi_init_device_object(), which installs acpi_release_power_resource()
as the release callback. If acpi_device_add() fails, however, the error
path calls acpi_release_power_resource() directly instead of dropping
the device reference with put_device().

This bypasses the normal device lifetime rules and frees the object
without releasing the reference acquired by device_initialize(), which
may lead to a refcount leak and potentially a use-after-free. Fix it by
calling put_device(&device->dev) and let the release callback handle
the final cleanup.

Fixes: 781d737c7466 ("ACPI: Drop power resources driver")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/acpi/power.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/acpi/power.c b/drivers/acpi/power.c
index 361a7721a6a8..f96f954876a7 100644
--- a/drivers/acpi/power.c
+++ b/drivers/acpi/power.c
@@ -991,7 +991,7 @@ struct acpi_device *acpi_add_power_resource(acpi_handle handle)
 	return device;
 
  err:
-	acpi_release_power_resource(&device->dev);
+	put_device(&device->dev);
 	return NULL;
 }
 
-- 
2.43.0
Re: [PATCH] ACPI: power: Use put_device() in power resource add error path
Posted by Rafael J. Wysocki 2 months, 1 week ago 
On Fri, Apr 10, 2026 at 12:35 PM Guangshuo Li <lgs201920130244@gmail.com> wrote:
>
> After device_initialize(), the lifetime of struct device is managed by
> the driver core through reference counting.
>
> acpi_add_power_resource() initializes device->dev via
> acpi_init_device_object(), which installs acpi_release_power_resource()
> as the release callback. If acpi_device_add() fails, however, the error
> path calls acpi_release_power_resource() directly instead of dropping
> the device reference with put_device().
>
> This bypasses the normal device lifetime rules and frees the object
> without releasing the reference acquired by device_initialize(), which
> may lead to a refcount leak and potentially a use-after-free. Fix it by
> calling put_device(&device->dev) and let the release callback handle
> the final cleanup.
>
> Fixes: 781d737c7466 ("ACPI: Drop power resources driver")
> Cc: stable@vger.kernel.org
> Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
> ---
>  drivers/acpi/power.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/power.c b/drivers/acpi/power.c
> index 361a7721a6a8..f96f954876a7 100644
> --- a/drivers/acpi/power.c
> +++ b/drivers/acpi/power.c
> @@ -991,7 +991,7 @@ struct acpi_device *acpi_add_power_resource(acpi_handle handle)
>         return device;
>
>   err:
> -       acpi_release_power_resource(&device->dev);
> +       put_device(&device->dev);

Please use acpi_dev_put() here.

Also, acpi_add_single_object() has the exact same problem, so it would
be good to fix them both together in one patch.

>         return NULL;
>  }
>
> --

Thanks!

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.