From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Shang XiaoJing <shangxiaojing@huawei.com>,
Greg KH <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>,
viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 06/14] chardev: Fix potential memory leak when cdev_add() failed
Date: Fri, 23 Dec 2022 20:31:19 -0500 [thread overview]
Message-ID: <20221224013127.393187-6-sashal@kernel.org> (raw)
In-Reply-To: <20221224013127.393187-1-sashal@kernel.org>
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit 4634c973096a64662a24d9914c47cebc2a8b72f4 ]
Some init function of cdev(like comedi) will call kobject_set_name()
before cdev_add(), but won't free the cdev.kobj.name or put the ref cnt
of cdev.kobj when cdev_add() failed. As the result, cdev.kobj.name will
be leaked.
Free the name of kobject in cdev_add() fail path to prevent memleak. With
this fix, the callers don't need to care about freeing the name of
kobject if cdev_add() fails.
unreferenced object 0xffff8881000fa8c0 (size 8):
comm "modprobe", pid 239, jiffies 4294905173 (age 51.308s)
hex dump (first 8 bytes):
63 6f 6d 65 64 69 00 ff comedi..
backtrace:
[<000000005f9878f7>] __kmalloc_node_track_caller+0x4c/0x1c0
[<000000000fd70302>] kstrdup+0x3f/0x70
[<000000009428bc33>] kstrdup_const+0x46/0x60
[<00000000ed50d9de>] kvasprintf_const+0xdb/0xf0
[<00000000b2766964>] kobject_set_name_vargs+0x3c/0xe0
[<00000000f2424ef7>] kobject_set_name+0x62/0x90
[<000000005d5a125b>] 0xffffffffa0013098
[<00000000f331e663>] do_one_initcall+0x7a/0x380
[<00000000aa7bac96>] do_init_module+0x5c/0x230
[<000000005fd72335>] load_module+0x227d/0x2420
[<00000000ad550cf1>] __do_sys_finit_module+0xd5/0x140
[<00000000069a60c5>] do_syscall_64+0x3f/0x90
[<00000000c5e0d521>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Suggested-by: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Link: https://lore.kernel.org/r/20221102072659.23671-1-shangxiaojing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/char_dev.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/fs/char_dev.c b/fs/char_dev.c
index ba0ded7842a7..340e4543b24a 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -483,17 +483,24 @@ int cdev_add(struct cdev *p, dev_t dev, unsigned count)
p->dev = dev;
p->count = count;
- if (WARN_ON(dev == WHITEOUT_DEV))
- return -EBUSY;
+ if (WARN_ON(dev == WHITEOUT_DEV)) {
+ error = -EBUSY;
+ goto err;
+ }
error = kobj_map(cdev_map, dev, count, NULL,
exact_match, exact_lock, p);
if (error)
- return error;
+ goto err;
kobject_get(p->kobj.parent);
return 0;
+
+err:
+ kfree_const(p->kobj.name);
+ p->kobj.name = NULL;
+ return error;
}
/**
--
2.35.1
next prev parent reply other threads:[~2022-12-24 1:35 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-24 1:31 [PATCH AUTOSEL 5.15 01/14] kset: fix memory leak when kset_register() returns error Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 02/14] USB: core: Change configuration warnings to notices Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 03/14] usb: gadget: aspeed: fix buffer overflow Sasha Levin
2022-12-24 1:31 ` Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 04/14] usb: gadget: u_ether: Do not make UDC parent of the net device Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 05/14] usb: gadget: f_ecm: Always set current gadget in ecm_bind() Sasha Levin
2022-12-24 1:31 ` Sasha Levin [this message]
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 07/14] usb/usbip: Fix v_recv_cmd_submit() to use PIPE_BULK define Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 08/14] char: xillybus: Prevent use-after-free due to race condition Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 09/14] xhci: disable U3 suspended ports in S4 hibernate poweroff_late stage Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 10/14] ACPICA: Fix operand resolution Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 11/14] ksmbd: Fix resource leak in smb2_lock() Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 12/14] writeback: Add asserts for adding freed inode to lists Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 13/14] exfat: fix overflow in sector and cluster conversion Sasha Levin
2022-12-24 1:31 ` [PATCH AUTOSEL 5.15 14/14] fbdev: smscufx: fix error handling code in ufx_usb_probe Sasha Levin
2022-12-24 1:31 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221224013127.393187-6-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=shangxiaojing@huawei.com \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.