lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200528021322.1984-1-wu000273@umn.edu>
Date:   Wed, 27 May 2020 21:13:22 -0500
From:   wu000273@....edu
To:     kjlu@....edu
Cc:     wu000273@....edu, Bjorn Helgaas <bhelgaas@...gle.com>,
        Kenji Kaneshige <kaneshige.kenji@...fujitsu.com>,
        Jesse Barnes <jbarnes@...tuousgeek.org>,
        Alex Chiang <achiang@...com>, linux-pci@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] Fix reference count leak in pci_create_slot

From: Qiushi Wu <wu000273@....edu>

kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object. Thus,
when call of kobject_init_and_add() fail, we should call kobject_put()
instead of kfree(). Previous commit "b8eb718348b8" fixed a similar problem.

Fixes: 5fe6cc60680d ("PCI: prevent duplicate slot names")
Signed-off-by: Qiushi Wu <wu000273@....edu>
---
 drivers/pci/slot.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c
index cc386ef2fa12..3861505741e6 100644
--- a/drivers/pci/slot.c
+++ b/drivers/pci/slot.c
@@ -268,13 +268,16 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr,
 	slot_name = make_slot_name(name);
 	if (!slot_name) {
 		err = -ENOMEM;
+		kfree(slot);
 		goto err;
 	}
 
 	err = kobject_init_and_add(&slot->kobj, &pci_slot_ktype, NULL,
 				   "%s", slot_name);
-	if (err)
+	if (err) {
+		kobject_put(&slot->kobj);
 		goto err;
+	}
 
 	INIT_LIST_HEAD(&slot->list);
 	list_add(&slot->list, &parent->slots);
@@ -293,7 +296,6 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr,
 	mutex_unlock(&pci_slot_mutex);
 	return slot;
 err:
-	kfree(slot);
 	slot = ERR_PTR(err);
 	goto out;
 }
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ