From: Qiushi Wu <wu000273@umn.edu>
Date: Thu, 28 May 2020 02:13:22 +0000 (-0500)
Subject: PCI: Fix pci_create_slot() reference count leak
X-Git-Tag: v5.15~3149^2~18^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8a94644b440eef5a7b9c104ac8aa7a7f413e35e5;p=platform%2Fkernel%2Flinux-starfive.git

PCI: Fix pci_create_slot() reference count leak

kobject_init_and_add() takes a reference even when it fails.  If it returns
an error, kobject_put() must be called to clean up the memory associated
with the object.

When kobject_init_and_add() fails, call kobject_put() instead of kfree().

b8eb718348b8 ("net-sysfs: Fix reference count leak in
rx|netdev_queue_add_kobject") fixed a similar problem.

Link: https://lore.kernel.org/r/20200528021322.1984-1-wu000273@umn.edu
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---

diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c
index cc386ef..3861505 100644
--- a/drivers/pci/slot.c
+++ b/drivers/pci/slot.c
@@ -268,13 +268,16 @@ placeholder:
 	slot_name = make_slot_name(name);
 	if (!slot_name) {
 		err = -ENOMEM;
+		kfree(slot);
 		goto err;
 	}
 
 	err = kobject_init_and_add(&slot->kobj, &pci_slot_ktype, NULL,
 				   "%s", slot_name);
-	if (err)
+	if (err) {
+		kobject_put(&slot->kobj);
 		goto err;
+	}
 
 	INIT_LIST_HEAD(&slot->list);
 	list_add(&slot->list, &parent->slots);
@@ -293,7 +296,6 @@ out:
 	mutex_unlock(&pci_slot_mutex);
 	return slot;
 err:
-	kfree(slot);
 	slot = ERR_PTR(err);
 	goto out;
 }