lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 27 Aug 2022 17:15:25 +0800
From:   Yang Yingliang <yangyingliang@...wei.com>
To:     Bjorn Helgaas <helgaas@...nel.org>
CC:     <linux-kernel@...r.kernel.org>, <linux-pci@...r.kernel.org>,
        <bhelgaas@...gle.com>, Rob Herring <robh@...nel.org>
Subject: Re: [PATCH -next 1/3] PCI: fix double put_device() in error case in
 pci_create_root_bus()

Hi,

On 2022/8/27 5:14, Bjorn Helgaas wrote:
> [+cc Rob]
>
> On Thu, Aug 25, 2022 at 08:27:51PM +0800, Yang Yingliang wrote:
>> If device_add() fails in pci_register_host_bridge(), the brigde device will
>> be put once, and it will be put again in error path of pci_create_root_bus().
>> Move the put_device() from pci_create_root_bus() to pci_register_host_bridge()
>> to fix this problem. And use device_unregister() instead of del_device() and
>> put_device().
> s/brigde/bridge/
>
>> Fixes: 9885440b16b8 ("PCI: Fix pci_host_bridge struct device release/free handling")
> If you're fixing a commit from somebody else, please always cc: the
> author because the author can help review the change.
OK.
>
>> Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
>> ---
>>   drivers/pci/probe.c | 8 ++------
>>   1 file changed, 2 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
>> index c5286b027f00..e500eb9d6468 100644
>> --- a/drivers/pci/probe.c
>> +++ b/drivers/pci/probe.c
>> @@ -1027,7 +1027,7 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
>>   
>>   unregister:
>>   	put_device(&bridge->dev);
>> -	device_del(&bridge->dev);
>> +	device_unregister(&bridge->dev);
> I don't understand this part.  device_unregister() looks like this:
>
>    void device_unregister(struct device *dev)
>    {
>      device_del(dev);
>      put_device(dev);
>    }
>
> So this calls put_device(&bridge->dev) twice, doesn't it?
>
> The "unregister" label looks poorly named.  We only get there if
> device_register() *failed*.  We shouldn't need to unregister anything
> in that case.
If it goes to the 'unregister' label, the bridge->dev has been register 
sucessfully (device_initialize() called from pci_alloc_host_bridge()
and device_add() called from pci_register_host_bridge()), so it need be 
unregister, and another put_device() is for decreasing
refcount of 'bus->bridge'.

Thanks,
Yang
>
>>   free:
>>   	kfree(bus);
>> @@ -3037,13 +3037,9 @@ struct pci_bus *pci_create_root_bus(struct device *parent, int bus,
>>   
>>   	error = pci_register_host_bridge(bridge);
>>   	if (error < 0)
>> -		goto err_out;
>> +		return NULL;
>>   
>>   	return bridge->bus;
>> -
>> -err_out:
>> -	put_device(&bridge->dev);
>> -	return NULL;
> This part looks right to me.  The get_device() is in
> pci_register_host_bridge(), and if pci_register_host_bridge() returns
> failure, I think it should first do the corresponding put_device().
>
>>   }
>>   EXPORT_SYMBOL_GPL(pci_create_root_bus);
>>   
>> -- 
>> 2.25.1
>>
> .

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ