From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Gabriel Somlo <somlo@cmu.edu>,
Johan Hovold <johan@kernel.org>
Subject: [PATCH 5.4 11/15] firmware: qemu_fw_cfg: fix kobject leak in probe error path
Date: Tue, 18 Jan 2022 17:05:50 +0100 [thread overview]
Message-ID: <20220118160450.420747047@linuxfoundation.org> (raw)
In-Reply-To: <20220118160450.062004175@linuxfoundation.org>
From: Johan Hovold <johan@kernel.org>
commit 47a1db8e797da01a1309bf42e0c0d771d4e4d4f3 upstream.
An initialised kobject must be freed using kobject_put() to avoid
leaking associated resources (e.g. the object name).
Commit fe3c60684377 ("firmware: Fix a reference count leak.") "fixed"
the leak in the first error path of the file registration helper but
left the second one unchanged. This "fix" would however result in a NULL
pointer dereference due to the release function also removing the never
added entry from the fw_cfg_entry_cache list. This has now been
addressed.
Fix the remaining kobject leak by restoring the common error path and
adding the missing kobject_put().
Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device")
Cc: stable@vger.kernel.org # 4.6
Cc: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211201132528.30025-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/qemu_fw_cfg.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--- a/drivers/firmware/qemu_fw_cfg.c
+++ b/drivers/firmware/qemu_fw_cfg.c
@@ -600,15 +600,13 @@ static int fw_cfg_register_file(const st
/* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */
err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype,
fw_cfg_sel_ko, "%d", entry->select);
- if (err) {
- kobject_put(&entry->kobj);
- return err;
- }
+ if (err)
+ goto err_put_entry;
/* add raw binary content access */
err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw);
if (err)
- goto err_add_raw;
+ goto err_del_entry;
/* try adding "/sys/firmware/qemu_fw_cfg/by_name/" symlink */
fw_cfg_build_symlink(fw_cfg_fname_kset, &entry->kobj, entry->name);
@@ -617,9 +615,10 @@ static int fw_cfg_register_file(const st
fw_cfg_sysfs_cache_enlist(entry);
return 0;
-err_add_raw:
+err_del_entry:
kobject_del(&entry->kobj);
- kfree(entry);
+err_put_entry:
+ kobject_put(&entry->kobj);
return err;
}
next prev parent reply other threads:[~2022-01-18 16:06 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 16:05 [PATCH 5.4 00/15] 5.4.173-rc1 review Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 01/15] kbuild: Add $(KBUILD_HOSTLDFLAGS) to has_libelf test Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 02/15] devtmpfs regression fix: reconfigure on each mount Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 03/15] orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 04/15] vfs: fs_context: fix up param length parsing in legacy_parse_param Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 05/15] perf: Protect perf_guest_cbs with RCU Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 06/15] KVM: s390: Clarify SIGP orders versus STOP/RESTART Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 07/15] media: uvcvideo: fix division by zero at stream start Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 08/15] rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 09/15] firmware: qemu_fw_cfg: fix sysfs information leak Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 10/15] firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries Greg Kroah-Hartman
2022-01-18 16:05 ` Greg Kroah-Hartman [this message]
2022-01-18 16:05 ` [PATCH 5.4 12/15] KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 13/15] ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 14/15] mtd: fixup CFI on ixp4xx Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.4 15/15] ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD Greg Kroah-Hartman
2022-01-18 19:00 ` [PATCH 5.4 00/15] 5.4.173-rc1 review Florian Fainelli
2022-01-18 20:49 ` Jon Hunter
2022-01-18 22:21 ` Shuah Khan
2022-01-20 0:43 ` Guenter Roeck
2022-01-20 1:24 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220118160450.420747047@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johan@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=somlo@cmu.edu \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.