diff options
author | Geert Uytterhoeven <geert+renesas@glider.be> | 2017-12-07 11:15:19 +0100 |
---|---|---|
committer | Bjorn Helgaas <bhelgaas@google.com> | 2017-12-12 11:01:47 -0600 |
commit | 0c31f1d7be1b5c4858b1d714dcefa25f41428cab (patch) | |
tree | e39aee603c3c12ad4600cec69431e0e4ab5f7746 /drivers | |
parent | a19e2696135efb471981c1ae1ec3cb2b70c41a2e (diff) | |
download | lwn-0c31f1d7be1b5c4858b1d714dcefa25f41428cab.tar.gz lwn-0c31f1d7be1b5c4858b1d714dcefa25f41428cab.zip |
PCI: rcar: Fix use-after-free in probe error path
If CONFIG_DEBUG_SLAB=y, and no PCIe card is inserted, the kernel crashes
during probe on r8a7791/koelsch:
rcar-pcie fe000000.pcie: PCIe link down
Unable to handle kernel paging request at virtual address 6b6b6b6b
(seeing this message requires earlycon and keep_bootcon).
Indeed, pci_free_host_bridge() frees the PCI host bridge, including the
embedded rcar_pcie object, so pci_free_resource_list() must not be called
afterwards.
To fix this, move the call to pci_free_resource_list() up, and update the
label name accordingly.
Fixes: ddd535f1ea3eb27e ("PCI: rcar: Fix memory leak when no PCIe card is inserted")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Simon Horman <horms+renesas@verge.net.au>
Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/pci/host/pcie-rcar.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/pci/host/pcie-rcar.c b/drivers/pci/host/pcie-rcar.c index 12796eccb2be..52ab3cb0a0bf 100644 --- a/drivers/pci/host/pcie-rcar.c +++ b/drivers/pci/host/pcie-rcar.c @@ -1128,12 +1128,12 @@ static int rcar_pcie_probe(struct platform_device *pdev) err = rcar_pcie_get_resources(pcie); if (err < 0) { dev_err(dev, "failed to request resources: %d\n", err); - goto err_free_bridge; + goto err_free_resource_list; } err = rcar_pcie_parse_map_dma_ranges(pcie, dev->of_node); if (err) - goto err_free_bridge; + goto err_free_resource_list; pm_runtime_enable(dev); err = pm_runtime_get_sync(dev); @@ -1176,9 +1176,9 @@ err_pm_put: err_pm_disable: pm_runtime_disable(dev); -err_free_bridge: - pci_free_host_bridge(bridge); +err_free_resource_list: pci_free_resource_list(&pcie->resources); + pci_free_host_bridge(bridge); return err; } |