lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20211102015918.134647-1-heying24@huawei.com>
Date:   Mon, 1 Nov 2021 21:59:18 -0400
From:   He Ying <heying24@...wei.com>
To:     <mpe@...erman.id.au>, <benh@...nel.crashing.org>,
        <paulus@...ba.org>, <akpm@...ux-foundation.org>,
        <npiggin@...il.com>, <aneesh.kumar@...ux.ibm.com>
CC:     <linuxppc-dev@...ts.ozlabs.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] powerpc: Fix reference leak of node np in opal_lpc_init

When breaking from for_each_compatible_node body, we increase the
reference of node np. Then calling isa_bridge_init_non_pci()
will assign np to isa_bridge_devnode. It looks good. However,
other error paths in the code should put the node np back to avoid
the reference leak. Fix the problem by adding missing
of_node_put().

Signed-off-by: He Ying <heying24@...wei.com>
---
 arch/powerpc/kernel/isa-bridge.c          | 10 +++++++++-
 arch/powerpc/platforms/powernv/opal-lpc.c |  6 +++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/isa-bridge.c b/arch/powerpc/kernel/isa-bridge.c
index 39c625737c09..bcf1d6024f9e 100644
--- a/arch/powerpc/kernel/isa-bridge.c
+++ b/arch/powerpc/kernel/isa-bridge.c
@@ -192,14 +192,17 @@ void __init isa_bridge_init_non_pci(struct device_node *np)
 	u64 cbase, pbase, size = 0;
 
 	/* If we already have an ISA bridge, bail off */
-	if (isa_bridge_devnode != NULL)
+	if (isa_bridge_devnode != NULL) {
+		of_node_put(np);
 		return;
+	}
 
 	pna = of_n_addr_cells(np);
 	if (of_property_read_u32(np, "#address-cells", &na) ||
 	    of_property_read_u32(np, "#size-cells", &ns)) {
 		pr_warn("ISA: Non-PCI bridge %pOF is missing address format\n",
 			np);
+		of_node_put(np);
 		return;
 	}
 
@@ -207,6 +210,7 @@ void __init isa_bridge_init_non_pci(struct device_node *np)
 	if (na != 2 || ns != 1) {
 		pr_warn("ISA: Non-PCI bridge %pOF has unsupported address format\n",
 			np);
+		of_node_put(np);
 		return;
 	}
 	rs = na + ns + pna;
@@ -216,6 +220,7 @@ void __init isa_bridge_init_non_pci(struct device_node *np)
 	if (ranges == NULL || rlen < rs) {
 		pr_warn("ISA: Non-PCI bridge %pOF has absent or invalid ranges\n",
 			np);
+		of_node_put(np);
 		return;
 	}
 
@@ -233,6 +238,7 @@ void __init isa_bridge_init_non_pci(struct device_node *np)
 	if (!size || !pbasep) {
 		pr_warn("ISA: Non-PCI bridge %pOF has no usable IO range\n",
 			np);
+		of_node_put(np);
 		return;
 	}
 
@@ -246,6 +252,7 @@ void __init isa_bridge_init_non_pci(struct device_node *np)
 	if (pbase == OF_BAD_ADDR) {
 		pr_warn("ISA: Non-PCI bridge %pOF failed to translate IO base\n",
 			np);
+		of_node_put(np);
 		return;
 	}
 
@@ -253,6 +260,7 @@ void __init isa_bridge_init_non_pci(struct device_node *np)
 	if ((cbase & ~PAGE_MASK) || (pbase & ~PAGE_MASK)) {
 		pr_warn("ISA: Non-PCI bridge %pOF has non aligned IO range\n",
 			np);
+		of_node_put(np);
 		return;
 	}
 
diff --git a/arch/powerpc/platforms/powernv/opal-lpc.c b/arch/powerpc/platforms/powernv/opal-lpc.c
index 1e5d51db40f8..5647752b2d6a 100644
--- a/arch/powerpc/platforms/powernv/opal-lpc.c
+++ b/arch/powerpc/platforms/powernv/opal-lpc.c
@@ -398,8 +398,11 @@ void __init opal_lpc_init(void)
 		opal_lpc_chip_id = of_get_ibm_chip_id(np);
 		break;
 	}
-	if (opal_lpc_chip_id < 0)
+	if (opal_lpc_chip_id < 0) {
+		if (np)
+			of_node_put(np);
 		return;
+	}
 
 	/* Does it support direct mapping ? */
 	if (of_get_property(np, "ranges", NULL)) {
@@ -407,6 +410,7 @@ void __init opal_lpc_init(void)
 			opal_lpc_chip_id);
 		isa_bridge_init_non_pci(np);
 	} else {
+		of_node_put(np);
 		pr_info("OPAL: Found non-mapped LPC bus on chip %d\n",
 			opal_lpc_chip_id);
 
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ