* [PATCH] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()
@ 2022-11-12 13:10 Yang Yingliang
2022-11-26 0:20 ` Martin K. Petersen
2022-12-01 3:45 ` Martin K. Petersen
0 siblings, 2 replies; 3+ messages in thread
From: Yang Yingliang @ 2022-11-12 13:10 UTC (permalink / raw)
To: linux-scsi; +Cc: jejb, martin.petersen, yangyingliang
After commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of the device is allocated dynamically,
so it needs to be freed when device_register() returns an error.

As the comment of device_register() says, it should use put_device()
to give up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(), and
sdbg_host is freed in sdebug_release_adapter().

When the device release is not set, it means the device is not
initialized, so we cannot call put_device(); in this case, use
kfree() to free memory.

Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
drivers/scsi/scsi_debug.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 697fc57bc711..104888bed801 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -7329,7 +7329,10 @@ static int sdebug_add_host_helper(int per_host_idx)
kfree(sdbg_devinfo->zstate);
kfree(sdbg_devinfo);
}
- kfree(sdbg_host);
+ if (sdbg_host->dev.release)
+ put_device(&sdbg_host->dev);
+ else
+ kfree(sdbg_host);
pr_warn("%s: failed, errno=%d\n", __func__, -error);
return error;
}
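Review bot: the `if (sdbg_host->dev.release)` test in this error path uses the release callback as an implicit marker for whether the device was initialized, and nothing in the code says so. A short comment above the test, stating that a non-NULL release means sdbg_host must be dropped with put_device() and is then freed by the release callback, would keep a later cleanup from folding this back into a plain kfree(sdbg_host). It is also worth confirming that the release callback does not touch the sdbg_devinfo entries that the context lines just above have already freed with kfree().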
--
2.25.1
* Re: [PATCH] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()
From: Martin K. Petersen @ 2022-11-26 0:20 UTC (permalink / raw)
To: Yang Yingliang; +Cc: linux-scsi, jejb, martin.petersen
Yang,
> After commit 1fa5ae857bb1 ("driver core: get rid of struct device's
> bus_id string array"), the name of the device is allocated dynamically,
> so it needs to be freed when device_register() returns an error.
Applied to 6.2/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
* Re: [PATCH] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()
From: Martin K. Petersen @ 2022-12-01 3:45 UTC (permalink / raw)
To: linux-scsi, Yang Yingliang; +Cc: Martin K . Petersen, jejb
On Sat, 12 Nov 2022 21:10:10 +0800, Yang Yingliang wrote:
> After commit 1fa5ae857bb1 ("driver core: get rid of struct device's
> bus_id string array"), the name of the device is allocated dynamically,
> so it needs to be freed when device_register() returns an error.
>
> As comment of device_register() says, it should use put_device()
> to give up the reference in the error path. So fix this by calling
> put_device(), then the name can be freed in kobject_cleanup(), and
> sdbg_host is freed in sdebug_release_adapter().
>
> [...]
Applied to 6.2/scsi-queue, thanks!
[1/1] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()
https://git.kernel.org/mkp/scsi/c/e6d773f93a49
--
Martin K. Petersen Oracle Linux Engineering