[PATCH 4/5] perf: arm: pmu: fix reference leak on failed device registration

public inbox for linux-arm-kernel@lists.infradead.org
 help / color / mirror / Atom feed

* [PATCH 4/5] perf: arm: pmu: fix reference leak on failed device registration
       [not found] <cover.1777889235.git.vebohr@gmail.com>
@ 2026-05-04 10:08 ` Vastargazing
  2026-05-05  8:50   ` Sudeep Holla
  2026-05-05 10:36 ` [PATCH 1/5] perf/arm_pmu_acpi: fix reference leak in arm_pmu_acpi_probe error path Valery Borovsky
  1 sibling, 1 reply; 3+ messages in thread
From: Vastargazing @ 2026-05-04 10:08 UTC (permalink / raw)
  To: linux-kernel
  Cc: Vastargazing, stable, Will Deacon, Mark Rutland, Jeremy Linton,
	Sudeep Holla, Lorenzo Pieralisi, linux-arm-kernel,
	linux-perf-users

When platform_device_register() fails in arm_acpi_register_pmu_device(),
the embedded struct device has already been initialized by
device_initialize() inside platform_device_register(). The error path
unregisters the GSI interrupt but returns without dropping the device
reference:

  arm_acpi_register_pmu_device()
    -> platform_device_register(pdev)
       -> device_initialize(&pdev->dev)   /* kref = 1 */
       -> platform_device_add(pdev)       /* fails */
    <- acpi_unregister_gsi() called, but kref still 1

Per platform_device_register() kernel-doc:

  NOTE: _Never_ directly free @pdev after calling this function, even if
  it returned an error! Always use platform_device_put() to give up the
  reference initialised in this function instead.

Fix this by calling platform_device_put() in the error branch before
unregistering the GSI.

Fixes: d24a0c7099b3 ("arm_pmu: acpi: spe: Add initial MADT/SPE probing")
Cc: stable@vger.kernel.org
Assisted-by: GitHub Copilot (Claude Sonnet 4.5)
Signed-off-by: Vastargazing <vebohr@gmail.com>
---
 drivers/perf/arm_pmu_acpi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/perf/arm_pmu_acpi.c b/drivers/perf/arm_pmu_acpi.c
index e80f76d95e68..c2defbc32ad9 100644
--- a/drivers/perf/arm_pmu_acpi.c
+++ b/drivers/perf/arm_pmu_acpi.c
@@ -119,8 +119,10 @@ arm_acpi_register_pmu_device(struct platform_device *pdev, u8 len,
 
 	pdev->resource[0].start = irq;
 	ret = platform_device_register(pdev);
-	if (ret)
+	if (ret) {
+		platform_device_put(pdev);
 		acpi_unregister_gsi(gsi);
+	}
 
 	return ret;
 }
-- 
2.51.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 4/5] perf: arm: pmu: fix reference leak on failed device registration
  2026-05-04 10:08 ` [PATCH 4/5] perf: arm: pmu: fix reference leak on failed device registration Vastargazing
@ 2026-05-05  8:50   ` Sudeep Holla
  0 siblings, 0 replies; 3+ messages in thread
From: Sudeep Holla @ 2026-05-05  8:50 UTC (permalink / raw)
  To: Vastargazing
  Cc: linux-kernel, stable, Will Deacon, Mark Rutland, Sudeep Holla,
	Jeremy Linton, Lorenzo Pieralisi, linux-arm-kernel,
	linux-perf-users

On Mon, May 04, 2026 at 01:08:46PM +0300, Vastargazing wrote:
> When platform_device_register() fails in arm_acpi_register_pmu_device(),
> the embedded struct device has already been initialized by
> device_initialize() inside platform_device_register(). The error path
> unregisters the GSI interrupt but returns without dropping the device
> reference:
> 
>   arm_acpi_register_pmu_device()
>     -> platform_device_register(pdev)
>        -> device_initialize(&pdev->dev)   /* kref = 1 */
>        -> platform_device_add(pdev)       /* fails */
>     <- acpi_unregister_gsi() called, but kref still 1
> 
> Per platform_device_register() kernel-doc:
> 
>   NOTE: _Never_ directly free @pdev after calling this function, even if
>   it returned an error! Always use platform_device_put() to give up the
>   reference initialised in this function instead.
> 
> Fix this by calling platform_device_put() in the error branch before
> unregistering the GSI.
> 
> Fixes: d24a0c7099b3 ("arm_pmu: acpi: spe: Add initial MADT/SPE probing")
> Cc: stable@vger.kernel.org
> Assisted-by: GitHub Copilot (Claude Sonnet 4.5)
> Signed-off-by: Vastargazing <vebohr@gmail.com>
> ---
>  drivers/perf/arm_pmu_acpi.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/perf/arm_pmu_acpi.c b/drivers/perf/arm_pmu_acpi.c
> index e80f76d95e68..c2defbc32ad9 100644
> --- a/drivers/perf/arm_pmu_acpi.c
> +++ b/drivers/perf/arm_pmu_acpi.c
> @@ -119,8 +119,10 @@ arm_acpi_register_pmu_device(struct platform_device *pdev, u8 len,
>  
>  	pdev->resource[0].start = irq;
>  	ret = platform_device_register(pdev);
> -	if (ret)
> +	if (ret) {
> +		platform_device_put(pdev);

Both spe_dev and trbe_dev using this are statically allocated, what am I
missing here ? What will platform_device_put() do ?

-- 
Regards,
Sudeep


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/5] perf/arm_pmu_acpi: fix reference leak in arm_pmu_acpi_probe error path
       [not found] <cover.1777889235.git.vebohr@gmail.com>
  2026-05-04 10:08 ` [PATCH 4/5] perf: arm: pmu: fix reference leak on failed device registration Vastargazing
@ 2026-05-05 10:36 ` Valery Borovsky
  1 sibling, 0 replies; 3+ messages in thread
From: Valery Borovsky @ 2026-05-05 10:36 UTC (permalink / raw)
  To: Will Deacon
  Cc: Mark Rutland, Arnd Bergmann, Greg Kroah-Hartman, Benson Leung,
	Tzung-Bi Shih, Guenter Roeck, Miquel Raynal, Richard Weinberger,
	Vignesh Raghavendra, Andy Shevchenko, Linus Walleij, Randy Dunlap,
	linux-arm-kernel, linux-perf-users, linux-kernel, chrome-platform,
	linux-mtd, Valery Borovsky

Yeah, you're right, my bad. The `arm_pmu_acpi.c` patch is definitely broken.

Since `spe_dev` and `trbe_dev` are statically allocated, they don't have a
`.dev.release` callback. If we hit `platform_device_put()` here, the refcount
drops to zero and triggers `device_release()`, which is going to scream about
the missing release function. At best, we get a messy WARN; at worst, it'll
panic the kernel if someone's running with `panic_on_warn`.

The kernel-doc note about `platform_device_put()` is really meant for dynamic
allocations where the release path actually frees memory. For static setups
like this, the original code is actually the right way to go.

Please drop patches 1/5 through 4/5 from the v1 series—they all suffer from
the same logic error. Patch 5/5 (mfd: sm501) is the only clean one, so I've
re-sent that as a standalone v2.

Sorry for the noise.

Valery Borovsky

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-05-05 10:36 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <cover.1777889235.git.vebohr@gmail.com>
2026-05-04 10:08 ` [PATCH 4/5] perf: arm: pmu: fix reference leak on failed device registration Vastargazing
2026-05-05  8:50   ` Sudeep Holla
2026-05-05 10:36 ` [PATCH 1/5] perf/arm_pmu_acpi: fix reference leak in arm_pmu_acpi_probe error path Valery Borovsky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox