Re: [PATCH] fix: clocksource: timer-nxp-pit: pit_timer_init: cpuhp_setup_state failure leaks clockevent device
From: WenTao Liang
Date: Sat Jun 27 2026 - 23:55:33 EST
> 2026年6月26日 20:12,WenTao Liang <vulab@xxxxxxxxxxx> 写道:
>
> After pit_clockevent_per_cpu_init succeeds (registering a clockevent
> device and requesting an IRQ), if cpuhp_setup_state subsequently fails,
> the error path only unregisters the clocksource but not the clockevent
> device. This leaves the IRQ handler registered and per-CPU data uncleaned
> before kfree(pit), causing both a resource leak and potential
> use-after-free.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: bee33f22d7c3 ("clocksource/drivers/nxp-pit: Add NXP Automotive s32g2 / s32g3 support")
> Signed-off-by: WenTao Liang <vulab@xxxxxxxxxxx>
> ---
> drivers/clocksource/timer-nxp-pit.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/clocksource/timer-nxp-pit.c b/drivers/clocksource/timer-nxp-pit.c
> index bc5157e2ba57..b77966faa112 100644
> --- a/drivers/clocksource/timer-nxp-pit.c
> +++ b/drivers/clocksource/timer-nxp-pit.c
> @@ -329,11 +329,12 @@ static int pit_timer_init(struct device_node *np)
> ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "PIT timer:starting",
> pit_clockevent_starting_cpu, NULL);
> if (ret < 0)
> - goto out_pit_clocksource_unregister;
> + goto out_pit_clockevent_unregister;
> }
>
> return 0;
> -
> +out_pit_clockevent_unregister:
> + pit_clockevent_per_cpu_exit(pit, pit_instances - 1);
> out_pit_clocksource_unregister:
> clocksource_unregister(&pit->cs);
> out_pit_module_disable:
> --
> 2.39.5 (Apple Git-154)
Please ignore this patch. I will resend a proper version after
learning the kernel submission process.
Apologies for the noise.
Best regards,
WenTao Liang