From: Dan Carpenter <dan.carpenter@linaro.org>
To: Zhe Qiao <qiaozhe@iscas.ac.cn>
Cc: linux-acpi@vger.kernel.org
Subject: [bug report] PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()
Date: Wed, 11 Jun 2025 18:15:42 +0300 [thread overview]
Message-ID: <aEmdnuw715btq7Q5@stanley.mountain> (raw)
Hello Zhe Qiao,
Commit 631b2af2f357 ("PCI/ACPI: Fix allocated memory release on error
in pci_acpi_scan_root()") from Apr 30, 2025 (linux-next), leads to
the following Smatch static checker warning:
drivers/pci/pci-acpi.c:1712 pci_acpi_scan_root()
error: double free of 'root_ops' (line 1711)
drivers/pci/pci-acpi.c
1667 struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root)
1668 {
1669 struct acpi_pci_generic_root_info *ri;
1670 struct pci_bus *bus, *child;
1671 struct acpi_pci_root_ops *root_ops;
1672 struct pci_host_bridge *host;
1673
1674 ri = kzalloc(sizeof(*ri), GFP_KERNEL);
1675 if (!ri)
1676 return NULL;
1677
1678 root_ops = kzalloc(sizeof(*root_ops), GFP_KERNEL);
1679 if (!root_ops)
1680 goto free_ri;
1681
1682 ri->cfg = pci_acpi_setup_ecam_mapping(root);
1683 if (!ri->cfg)
1684 goto free_root_ops;
1685
1686 root_ops->release_info = pci_acpi_generic_release_info;
1687 root_ops->prepare_resources = pci_acpi_root_prepare_resources;
1688 root_ops->pci_ops = (struct pci_ops *)&ri->cfg->ops->pci_ops;
1689 bus = acpi_pci_root_create(root, root_ops, &ri->common, ri->cfg);
1690 if (!bus)
1691 goto free_cfg;
The acpi_pci_root_create() function frees root_ops on error in
pci_acpi_generic_release_info(). I think there is only one error
path where it frees "ri->cfg". I probably would advise you to re-write
the the error handling in acpi_pci_root_create().
1692
1693 /* If we must preserve the resource configuration, claim now */
1694 host = pci_find_host_bridge(bus);
1695 if (host->preserve_config)
1696 pci_bus_claim_resources(bus);
1697
1698 /*
1699 * Assign whatever was left unassigned. If we didn't claim above,
1700 * this will reassign everything.
1701 */
1702 pci_assign_unassigned_root_bus_resources(bus);
1703
1704 list_for_each_entry(child, &bus->children, node)
1705 pcie_bus_configure_settings(child);
1706
1707 return bus;
1708
1709 free_cfg:
1710 pci_ecam_free(ri->cfg);
1711 free_root_ops:
--> 1712 kfree(root_ops);
1713 free_ri:
1714 kfree(ri);
1715 return NULL;
1716 }
regards,
dan carpenter
next reply other threads:[~2025-06-11 15:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 15:15 Dan Carpenter [this message]
2025-06-12 5:12 ` [bug report] PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhe Qiao
2025-06-12 7:34 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aEmdnuw715btq7Q5@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=linux-acpi@vger.kernel.org \
--cc=qiaozhe@iscas.ac.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox