PCI: Fix reference leak in pci_register_host_bridge()

commit 804443c1f27883926de94c849d91f5b7d7d696e9 upstream.

If device_register() fails, call put_device() to give up the reference to
avoid a memory leak, per the comment at device_register().

Found by code review.

Link: https://lore.kernel.org/r/20250225021440.3130264-1-make24@iscas.ac.cn
Fixes: 37d6a0a6f470 ("PCI: Add pci_register_host_bridge() interface")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
[bhelgaas: squash Dan Carpenter's double free fix from
https://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index d9c2e51cbf8c63d904271f7f7fe98311019b4fee..cf7c7886b64203d45ca4739d6bd556247f9fe2b6 100644 (file)
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -908,6 +908,7 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
        resource_size_t offset, next_offset;
        LIST_HEAD(resources);
        struct resource *res, *next_res;
+       bool bus_registered = false;
        char addr[64], *fmt;
        const char *name;
        int err;
@@ -971,6 +972,7 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
        name = dev_name(&bus->dev);
 
        err = device_register(&bus->dev);
+       bus_registered = true;
        if (err)
                goto unregister;
 
@@ -1057,12 +1059,15 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
 unregister:
        put_device(&bridge->dev);
        device_del(&bridge->dev);
-
 free:
 #ifdef CONFIG_PCI_DOMAINS_GENERIC
        pci_bus_release_domain_nr(parent, bus->domain_nr);
 #endif
-       kfree(bus);
+       if (bus_registered)
+               put_device(&bus->dev);
+       else
+               kfree(bus);
+
        return err;
 }