Hi Bjorn,
On Fri, Oct 07, 2022 at 08:56:18AM +0200, Sascha Hauer wrote:
When pci_create_attr() fails then pci_remove_resource_files() is called which will iterate over the res_attr[_wc] arrays and frees every non NULL entry. To avoid a double free here we have to set the failed entry to NULL in pci_create_attr() when freeing it.
Fixes: b562ec8f74e4 ("PCI: Don't leak memory if sysfs_create_bin_file() fails") Signed-off-by: Sascha Hauer s.hauer@pengutronix.de Cc: stable@vger.kernel.org
drivers/pci/pci-sysfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
Any input to this one? There's this long unfixed race condition described here:
https://patchwork.kernel.org/project/linux-pci/patch/20200716110423.xtfyb3n6...
And this patch at least prevents my system from crashing when this race condition occurs.
Sascha
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index fc804e08e3cb5..a07381d46ddae 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -1196,8 +1196,13 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) res_attr->size = pci_resource_len(pdev, num); res_attr->private = (void *)(unsigned long)num; retval = sysfs_create_bin_file(&pdev->dev.kobj, res_attr);
- if (retval)
- if (retval) {
if (write_combine)
pdev->res_attr_wc[num] = NULL;
else
kfree(res_attr);pdev->res_attr[num] = NULL;
- }
return retval; } -- 2.30.2