* [PATCH] platform/chrome: fix reference leak on failed device registration
@ 2026-04-15 17:50 Guangshuo Li
2026-04-15 21:47 ` Olof Johansson
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Guangshuo Li @ 2026-04-15 17:50 UTC (permalink / raw)
To: Benson Leung, Tzung-Bi Shih, Olof Johansson, chrome-platform,
linux-kernel
Cc: Guangshuo Li, stable
When platform_device_register() fails in chromeos_pstore_init(), the
embedded struct device in chromeos_ramoops has already been initialized
by device_initialize(), but the failure path returns the error without
dropping the device reference for the current platform device:
chromeos_pstore_init()
-> platform_device_register(&chromeos_ramoops)
-> device_initialize(&chromeos_ramoops.dev)
-> setup_pdev_dma_masks(&chromeos_ramoops)
-> platform_device_add(&chromeos_ramoops)
This leads to a reference leak when platform_device_register() fails.
Fix this by calling platform_device_put() before returning the error.
The issue was identified by a static analysis tool I developed and
confirmed by manual review.
Fixes: 9742e127cd0dd ("platform/chrome: Add pstore platform_device")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
drivers/platform/chrome/chromeos_pstore.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/chrome/chromeos_pstore.c b/drivers/platform/chrome/chromeos_pstore.c
index a6eed99507d4..9e6d14dbb1c2 100644
--- a/drivers/platform/chrome/chromeos_pstore.c
+++ b/drivers/platform/chrome/chromeos_pstore.c
@@ -127,8 +127,13 @@ static int __init chromeos_pstore_init(void)
/* First check ACPI for non-hardcoded values from firmware. */
acpi_dev_found = chromeos_check_acpi();
- if (acpi_dev_found || dmi_check_system(chromeos_pstore_dmi_table))
- return platform_device_register(&chromeos_ramoops);
+ if (acpi_dev_found || dmi_check_system(chromeos_pstore_dmi_table)) {
+ ret = platform_device_register(&chromeos_ramoops);
+ if (ret)
+ platform_device_put(&chromeos_ramoops);
+
+ return ret;
+ }
return -ENODEV;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] platform/chrome: fix reference leak on failed device registration
2026-04-15 17:50 [PATCH] platform/chrome: fix reference leak on failed device registration Guangshuo Li
@ 2026-04-15 21:47 ` Olof Johansson
2026-04-16 9:26 ` Guangshuo Li
2026-04-17 7:51 ` kernel test robot
2026-04-17 8:46 ` kernel test robot
2 siblings, 1 reply; 7+ messages in thread
From: Olof Johansson @ 2026-04-15 21:47 UTC (permalink / raw)
To: Guangshuo Li
Cc: Benson Leung, Tzung-Bi Shih, chrome-platform, linux-kernel,
stable
On Wed, Apr 15, 2026 at 10:50 AM Guangshuo Li <lgs201920130244@gmail.com> wrote:
>
> When platform_device_register() fails in chromeos_pstore_init(), the
> embedded struct device in chromeos_ramoops has already been initialized
> by device_initialize(), but the failure path returns the error without
> dropping the device reference for the current platform device:
>
> chromeos_pstore_init()
> -> platform_device_register(&chromeos_ramoops)
> -> device_initialize(&chromeos_ramoops.dev)
> -> setup_pdev_dma_masks(&chromeos_ramoops)
> -> platform_device_add(&chromeos_ramoops)
>
> This leads to a reference leak when platform_device_register() fails.
> Fix this by calling platform_device_put() before returning the error.
>
> The issue was identified by a static analysis tool I developed and
> confirmed by manual review.
>
> Fixes: 9742e127cd0dd ("platform/chrome: Add pstore platform_device")
> Cc: stable@vger.kernel.org
> Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
This looks like slop to me. It doesn't even compile (there's no local
'ret' variable in the function already).
This is also a no-value fix, the chromeos_ramoops structure is static
data and not dynamically allocated. Please don't burden maintainers
with these kinds of "fixes".
-Olof
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] platform/chrome: fix reference leak on failed device registration
2026-04-15 21:47 ` Olof Johansson
@ 2026-04-16 9:26 ` Guangshuo Li
2026-04-16 10:21 ` Guangshuo Li
0 siblings, 1 reply; 7+ messages in thread
From: Guangshuo Li @ 2026-04-16 9:26 UTC (permalink / raw)
To: Olof Johansson
Cc: Benson Leung, Tzung-Bi Shih, chrome-platform, linux-kernel,
stable
Hi Olof,
Thanks for the review.
On Thu, 16 Apr 2026 at 05:47, Olof Johansson <olof@lixom.net> wrote:
>
>
> This looks like slop to me. It doesn't even compile (there's no local
> 'ret' variable in the function already).
You're right, I missed declaring the local ret variable in this
version, so it does not compile. Sorry for that mistake.
> This is also a no-value fix, the chromeos_ramoops structure is static
> data and not dynamically allocated. Please don't burden maintainers
> with these kinds of "fixes".
>
>
> -Olof
My reasoning was based on the implementation of
platform_device_register(): it calls device_initialize(), but if
platform_device_add() fails, platform_device_register() returns the
error directly without dropping the device reference initialized there.
Based on that, I thought the caller might need to release that
reference.
That said, I understand your point that for this statically defined
chromeos_ramoops device this is not a useful fix.
Thanks,
Guangshuo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] platform/chrome: fix reference leak on failed device registration
2026-04-16 9:26 ` Guangshuo Li
@ 2026-04-16 10:21 ` Guangshuo Li
0 siblings, 0 replies; 7+ messages in thread
From: Guangshuo Li @ 2026-04-16 10:21 UTC (permalink / raw)
To: Olof Johansson
Cc: Benson Leung, Tzung-Bi Shih, chrome-platform, linux-kernel,
stable
Hi Olof,
Thanks.
On Thu, 16 Apr 2026 at 17:26, Guangshuo Li <lgs201920130244@gmail.com> wrote:
>
> Hi Olof,
>
> Thanks for the review.
>
> On Thu, 16 Apr 2026 at 05:47, Olof Johansson <olof@lixom.net> wrote:
> >
> >
> > This looks like slop to me. It doesn't even compile (there's no local
> > 'ret' variable in the function already).
>
> You're right, I missed declaring the local ret variable in this
> version, so it does not compile. Sorry for that mistake.
>
> > This is also a no-value fix, the chromeos_ramoops structure is static
> > data and not dynamically allocated. Please don't burden maintainers
> > with these kinds of "fixes".
> >
> >
> > -Olof
>
> My reasoning was based on the implementation of
> platform_device_register(): it calls device_initialize(), but if
> platform_device_add() fails, platform_device_register() returns the
> error directly without dropping the device reference initialized there.
> Based on that, I thought the caller might need to release that
> reference.
>
> That said, I understand your point that for this statically defined
> chromeos_ramoops device this is not a useful fix.
>
> Thanks,
> Guangshuo
We are also discussing in another similar patch whether the
better fix, if any, should be in the API/core code rather than in
individual callers:
https://patchew.org/linux/20260415174159.3625777-1-lgs201920130244@gmail.com/
Thanks,
Guangshuo
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] platform/chrome: fix reference leak on failed device registration
2026-04-15 17:50 [PATCH] platform/chrome: fix reference leak on failed device registration Guangshuo Li
2026-04-15 21:47 ` Olof Johansson
@ 2026-04-17 7:51 ` kernel test robot
2026-04-17 8:46 ` kernel test robot
2 siblings, 0 replies; 7+ messages in thread
From: kernel test robot @ 2026-04-17 7:51 UTC (permalink / raw)
To: Guangshuo Li, Benson Leung, Tzung-Bi Shih, Olof Johansson,
chrome-platform, linux-kernel
Cc: oe-kbuild-all, Guangshuo Li, stable
Hi Guangshuo,
kernel test robot noticed the following build errors:
[auto build test ERROR on chrome-platform/for-next]
[also build test ERROR on chrome-platform/for-firmware-next linus/master v7.0 next-20260416]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Guangshuo-Li/platform-chrome-fix-reference-leak-on-failed-device-registration/20260416-135638
base: https://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux.git for-next
patch link: https://lore.kernel.org/r/20260415175038.3633384-1-lgs201920130244%40gmail.com
patch subject: [PATCH] platform/chrome: fix reference leak on failed device registration
config: i386-allmodconfig (https://download.01.org/0day-ci/archive/20260417/202604171521.d1s0T0Dr-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260417/202604171521.d1s0T0Dr-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604171521.d1s0T0Dr-lkp@intel.com/
All errors (new ones prefixed by >>):
drivers/platform/chrome/chromeos_pstore.c: In function 'chromeos_pstore_init':
>> drivers/platform/chrome/chromeos_pstore.c:131:17: error: 'ret' undeclared (first use in this function)
131 | ret = platform_device_register(&chromeos_ramoops);
| ^~~
drivers/platform/chrome/chromeos_pstore.c:131:17: note: each undeclared identifier is reported only once for each function it appears in
vim +/ret +131 drivers/platform/chrome/chromeos_pstore.c
119
120 static int __init chromeos_pstore_init(void)
121 {
122 bool acpi_dev_found;
123
124 if (ecc_size > 0)
125 chromeos_ramoops_data.ecc_info.ecc_size = ecc_size;
126
127 /* First check ACPI for non-hardcoded values from firmware. */
128 acpi_dev_found = chromeos_check_acpi();
129
130 if (acpi_dev_found || dmi_check_system(chromeos_pstore_dmi_table)) {
> 131 ret = platform_device_register(&chromeos_ramoops);
132 if (ret)
133 platform_device_put(&chromeos_ramoops);
134
135 return ret;
136 }
137
138 return -ENODEV;
139 }
140
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] platform/chrome: fix reference leak on failed device registration
2026-04-15 17:50 [PATCH] platform/chrome: fix reference leak on failed device registration Guangshuo Li
2026-04-15 21:47 ` Olof Johansson
2026-04-17 7:51 ` kernel test robot
@ 2026-04-17 8:46 ` kernel test robot
2026-04-17 9:11 ` Guangshuo Li
2 siblings, 1 reply; 7+ messages in thread
From: kernel test robot @ 2026-04-17 8:46 UTC (permalink / raw)
To: Guangshuo Li, Benson Leung, Tzung-Bi Shih, Olof Johansson,
chrome-platform, linux-kernel
Cc: llvm, oe-kbuild-all, Guangshuo Li, stable
Hi Guangshuo,
kernel test robot noticed the following build errors:
[auto build test ERROR on chrome-platform/for-next]
[also build test ERROR on chrome-platform/for-firmware-next linus/master v7.0 next-20260416]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Guangshuo-Li/platform-chrome-fix-reference-leak-on-failed-device-registration/20260416-135638
base: https://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux.git for-next
patch link: https://lore.kernel.org/r/20260415175038.3633384-1-lgs201920130244%40gmail.com
patch subject: [PATCH] platform/chrome: fix reference leak on failed device registration
config: x86_64-randconfig-013-20260417 (https://download.01.org/0day-ci/archive/20260417/202604171609.wl8JLCit-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260417/202604171609.wl8JLCit-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604171609.wl8JLCit-lkp@intel.com/
All errors (new ones prefixed by >>):
>> drivers/platform/chrome/chromeos_pstore.c:131:3: error: use of undeclared identifier 'ret'
131 | ret = platform_device_register(&chromeos_ramoops);
| ^
drivers/platform/chrome/chromeos_pstore.c:132:7: error: use of undeclared identifier 'ret'
132 | if (ret)
| ^
drivers/platform/chrome/chromeos_pstore.c:135:10: error: use of undeclared identifier 'ret'
135 | return ret;
| ^
3 errors generated.
vim +/ret +131 drivers/platform/chrome/chromeos_pstore.c
119
120 static int __init chromeos_pstore_init(void)
121 {
122 bool acpi_dev_found;
123
124 if (ecc_size > 0)
125 chromeos_ramoops_data.ecc_info.ecc_size = ecc_size;
126
127 /* First check ACPI for non-hardcoded values from firmware. */
128 acpi_dev_found = chromeos_check_acpi();
129
130 if (acpi_dev_found || dmi_check_system(chromeos_pstore_dmi_table)) {
> 131 ret = platform_device_register(&chromeos_ramoops);
132 if (ret)
133 platform_device_put(&chromeos_ramoops);
134
135 return ret;
136 }
137
138 return -ENODEV;
139 }
140
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] platform/chrome: fix reference leak on failed device registration
2026-04-17 8:46 ` kernel test robot
@ 2026-04-17 9:11 ` Guangshuo Li
0 siblings, 0 replies; 7+ messages in thread
From: Guangshuo Li @ 2026-04-17 9:11 UTC (permalink / raw)
To: kernel test robot
Cc: Benson Leung, Tzung-Bi Shih, Olof Johansson, chrome-platform,
linux-kernel, llvm, oe-kbuild-all, stable
Hi,
On Fri, 17 Apr 2026 at 16:47, kernel test robot <lkp@intel.com> wrote:
>
> Hi Guangshuo,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on chrome-platform/for-next]
> [also build test ERROR on chrome-platform/for-firmware-next linus/master v7.0 next-20260416]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Guangshuo-Li/platform-chrome-fix-reference-leak-on-failed-device-registration/20260416-135638
> base: https://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux.git for-next
> patch link: https://lore.kernel.org/r/20260415175038.3633384-1-lgs201920130244%40gmail.com
> patch subject: [PATCH] platform/chrome: fix reference leak on failed device registration
> config: x86_64-randconfig-013-20260417 (https://download.01.org/0day-ci/archive/20260417/202604171609.wl8JLCit-lkp@intel.com/config)
> compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260417/202604171609.wl8JLCit-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202604171609.wl8JLCit-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
> >> drivers/platform/chrome/chromeos_pstore.c:131:3: error: use of undeclared identifier 'ret'
> 131 | ret = platform_device_register(&chromeos_ramoops);
> | ^
> drivers/platform/chrome/chromeos_pstore.c:132:7: error: use of undeclared identifier 'ret'
> 132 | if (ret)
> | ^
> drivers/platform/chrome/chromeos_pstore.c:135:10: error: use of undeclared identifier 'ret'
> 135 | return ret;
> | ^
> 3 errors generated.
>
>
> vim +/ret +131 drivers/platform/chrome/chromeos_pstore.c
>
> 119
> 120 static int __init chromeos_pstore_init(void)
> 121 {
> 122 bool acpi_dev_found;
> 123
> 124 if (ecc_size > 0)
> 125 chromeos_ramoops_data.ecc_info.ecc_size = ecc_size;
> 126
> 127 /* First check ACPI for non-hardcoded values from firmware. */
> 128 acpi_dev_found = chromeos_check_acpi();
> 129
> 130 if (acpi_dev_found || dmi_check_system(chromeos_pstore_dmi_table)) {
> > 131 ret = platform_device_register(&chromeos_ramoops);
> 132 if (ret)
> 133 platform_device_put(&chromeos_ramoops);
> 134
> 135 return ret;
> 136 }
> 137
> 138 return -ENODEV;
> 139 }
> 140
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
Yes, the build error is because in the first version I accidentally
forgot to declare the local variable ret in chromeos_pstore_init().
Sorry for the oversight, and thanks for the report.
Also, the underlying issue here appears to be related to the
platform_device_register() core/API behavior. We are currently
discussing in another similar case whether the better fix, if any,
should be made in the core/API code rather than in individual callers:
https://patchew.org/linux/20260415174159.3625777-1-lgs201920130244@gmail.com/
Once that discussion reaches a conclusion, we will revisit this and
make the appropriate fix if needed.
Thanks,
Guangshuo
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2026-04-17 9:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-15 17:50 [PATCH] platform/chrome: fix reference leak on failed device registration Guangshuo Li
2026-04-15 21:47 ` Olof Johansson
2026-04-16 9:26 ` Guangshuo Li
2026-04-16 10:21 ` Guangshuo Li
2026-04-17 7:51 ` kernel test robot
2026-04-17 8:46 ` kernel test robot
2026-04-17 9:11 ` Guangshuo Li
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox