Skip to content

NvmExpressDriverBindingStart: early return leaks Private and protocol opens#12425

Open
spbrogan wants to merge 1 commit intotianocore:masterfrom
spbrogan:fix_tc_12399
Open

NvmExpressDriverBindingStart: early return leaks Private and protocol opens#12425
spbrogan wants to merge 1 commit intotianocore:masterfrom
spbrogan:fix_tc_12399

Conversation

@spbrogan
Copy link
Copy Markdown
Member

@spbrogan spbrogan commented Apr 9, 2026

After allocating Private via AllocateZeroPool and successfully opening both gEfiDevicePathProtocolGuid and gEfiPciIoProtocolGuid BY_DRIVER, the function attempts PciIo->Attributes(EfiPciIoAttributeOperationGet) If this call fails, the code executes return Status instead of goto Exit.

Trigger path:

NvmExpressDriverBindingStart is called.
OpenProtocol for DevicePath succeeds (opens BY_DRIVER). OpenProtocol for PciIo succeeds (opens BY_DRIVER). AllocateZeroPool for Private succeeds.
PciIo->Attributes(Get) returns an error.
return Status bypasses the Exit: label.

Consequence:
Memory leak of NVME_CONTROLLER_PRIVATE_DATA. Two protocols remain opened BY_DRIVER on the controller handle, preventing other drivers from binding.

  • Breaking change?
    • Breaking change - Does this PR cause a break in build or boot behavior?
    • Examples: Does it add a new library class or move a module to a different repo.
  • Impacts security?
    • Security - Does this PR have a direct security impact?
    • Examples: Crypto algorithm change or buffer overflow fix.
  • Includes tests?
    • Tests - Does this PR include any explicit test code?
    • Examples: Unit tests or integration tests.

How This Was Tested

review

Integration Instructions

n/a

@spbrogan spbrogan linked an issue Apr 9, 2026 that may be closed by this pull request
[Bug]: NvmeDxe:: Incomplete cleanup on failure case resulting in memory leak and protocol tracking #12399
Open
4 tasks
@mikebeaton
Copy link
Copy Markdown
Member

mikebeaton commented Apr 9, 2026

Changes match intended cleanup.

@spbrogan
MdeModulePkg: NvmExpressDriverBindingStart - early return path leaks
f095651 
After allocating Private via AllocateZeroPool and successfully opening
both gEfiDevicePathProtocolGuid and gEfiPciIoProtocolGuid BY_DRIVER,
the function attempts PciIo->Attributes(EfiPciIoAttributeOperationGet)
If this call fails, the code executes return Status instead of goto Exit.

Trigger path:

NvmExpressDriverBindingStart is called.
OpenProtocol for DevicePath succeeds (opens BY_DRIVER).
OpenProtocol for PciIo succeeds (opens BY_DRIVER).
AllocateZeroPool for Private succeeds.
PciIo->Attributes(Get) returns an error.
return Status bypasses the Exit: label.

Consequence:
Memory leak of NVME_CONTROLLER_PRIVATE_DATA. Two protocols remain opened
BY_DRIVER on the controller handle, preventing other drivers from binding.

Signed-off-by: Sean Brogan <sebrogan@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkolakow jkolakow Awaiting requested review from jkolakow

@lgao4 lgao4 Awaiting requested review from lgao4

1 more reviewer

@mikebeaton mikebeaton mikebeaton approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: NvmeDxe:: Incomplete cleanup on failure case resulting in memory leak and protocol tracking

2 participants

@spbrogan @mikebeaton