2021-03-21 16:24:35

by Zhiqiang Liu

[permalink] [raw]
Subject: [PATCH] pci/hotplug: fix potential memory leak in disable_slot()


In disable_slot(), if we obtain desired PCI device
successfully by calling pci_get_slot(), we should
call pci_dev_put() to release its reference.

Signed-off-by: Zhiqiang Liu <[email protected]>
Signed-off-by: Feilong Lin <[email protected]>
---
drivers/pci/hotplug/s390_pci_hpc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c
index c9e790c74051..999a34b6fd50 100644
--- a/drivers/pci/hotplug/s390_pci_hpc.c
+++ b/drivers/pci/hotplug/s390_pci_hpc.c
@@ -89,9 +89,11 @@ static int disable_slot(struct hotplug_slot *hotplug_slot)
return -EIO;

pdev = pci_get_slot(zdev->zbus->bus, zdev->devfn);
- if (pdev && pci_num_vf(pdev)) {
+ if (pdev) {
+ rc = pci_num_vf(pdev);
pci_dev_put(pdev);
- return -EBUSY;
+ if (rc)
+ return -EBUSY;
}

zpci_remove_device(zdev);
--
2.19.1



2021-03-22 09:46:21

by Niklas Schnelle

[permalink] [raw]
Subject: Re: [PATCH] pci/hotplug: fix potential memory leak in disable_slot()



On 21/03/2021 16:51, Zhiqiang Liu wrote:
>
> In disable_slot(), if we obtain desired PCI device
> successfully by calling pci_get_slot(), we should
> call pci_dev_put() to release its reference.

Thanks for the patch! This should however be fixed independently by
commit 0b13525c20fe ("s390/pci: fix leak of PCI device structure")
which was just added to v5.12-rc4 and will be backported to stable.
There were a few similar cases that also got fixed by that commit.

>
> Signed-off-by: Zhiqiang Liu <[email protected]>
> Signed-off-by: Feilong Lin <[email protected]>
> ---
> drivers/pci/hotplug/s390_pci_hpc.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c
> index c9e790c74051..999a34b6fd50 100644
> --- a/drivers/pci/hotplug/s390_pci_hpc.c
> +++ b/drivers/pci/hotplug/s390_pci_hpc.c
> @@ -89,9 +89,11 @@ static int disable_slot(struct hotplug_slot *hotplug_slot)
> return -EIO;
>
> pdev = pci_get_slot(zdev->zbus->bus, zdev->devfn);
> - if (pdev && pci_num_vf(pdev)) {
> + if (pdev) {
> + rc = pci_num_vf(pdev);
> pci_dev_put(pdev);
> - return -EBUSY;
> + if (rc)
> + return -EBUSY;
> }
>
> zpci_remove_device(zdev);
>