[PATCH] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()

* [PATCH] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()
@ 2022-11-12 13:10 Yang Yingliang
  2022-11-26  0:20 ` Martin K. Petersen
  2022-12-01  3:45 ` Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Yang Yingliang @ 2022-11-12 13:10 UTC (permalink / raw)
  To: linux-scsi; +Cc: jejb, martin.petersen, yangyingliang

Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
it needs be freed, when device_register() returns error.

As comment of device_register() says, it should use put_device()
to give up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(), and
sdbg_host is freed in sdebug_release_adapter().

When the device release is not set, it means the device is not
initialized, we can not call put_device(), in this case, use
kfree() to free memory.

Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/scsi/scsi_debug.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 697fc57bc711..104888bed801 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -7329,7 +7329,10 @@ static int sdebug_add_host_helper(int per_host_idx)
 		kfree(sdbg_devinfo->zstate);
 		kfree(sdbg_devinfo);
 	}
-	kfree(sdbg_host);
+	if (sdbg_host->dev.release)
+		put_device(&sdbg_host->dev);
+	else
+		kfree(sdbg_host);
 	pr_warn("%s: failed, errno=%d\n", __func__, -error);
 	return error;
 }
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread