lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 7 Apr 2022 23:02:40 +0800
From:   Kefeng Wang <wangkefeng.wang@...wei.com>
To:     Russell King <linux@...linux.org.uk>,
        <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>
CC:     Rob Herring <robh@...nel.org>,
        Kefeng Wang <wangkefeng.wang@...wei.com>
Subject: [PATCH 2/2] amba: fix memory leak in amba_device_try_add()

If amba_device_try_add() return error code (not EPROBE_DEFER),
memory leak occurred when amba device fails to read periphid.

unreferenced object 0xc1c60800 (size 1024):
  comm "swapper/0", pid 1, jiffies 4294937333 (age 75.200s)
  hex dump (first 32 bytes):
    40 40 db c1 04 08 c6 c1 04 08 c6 c1 00 00 00 00  @@..............
    00 d9 c1 c1 84 6f 38 c1 00 00 00 00 01 00 00 00  .....o8.........
  backtrace:
    [<(ptrval)>] kmem_cache_alloc_trace+0x168/0x2b4
    [<(ptrval)>] amba_device_alloc+0x38/0x7c
    [<(ptrval)>] of_platform_bus_create+0x2f4/0x4e8
    [<(ptrval)>] of_platform_bus_create+0x380/0x4e8
    [<(ptrval)>] of_platform_bus_create+0x380/0x4e8
    [<(ptrval)>] of_platform_bus_create+0x380/0x4e8
    [<(ptrval)>] of_platform_populate+0x70/0xc4
    [<(ptrval)>] of_platform_default_populate_init+0xb4/0xcc
    [<(ptrval)>] do_one_initcall+0x58/0x218
    [<(ptrval)>] kernel_init_freeable+0x250/0x29c
    [<(ptrval)>] kernel_init+0x24/0x148
    [<(ptrval)>] ret_from_fork+0x14/0x1c
    [<00000000>] 0x0
unreferenced object 0xc1db4040 (size 64):
  comm "swapper/0", pid 1, jiffies 4294937333 (age 75.200s)
  hex dump (first 32 bytes):
    31 63 30 66 30 30 30 30 2e 77 64 74 00 00 00 00  1c0f0000.wdt....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<(ptrval)>] __kmalloc_track_caller+0x19c/0x2f8
    [<(ptrval)>] kvasprintf+0x60/0xcc
    [<(ptrval)>] kvasprintf_const+0x54/0x78
    [<(ptrval)>] kobject_set_name_vargs+0x34/0xa8
    [<(ptrval)>] dev_set_name+0x40/0x5c
    [<(ptrval)>] of_device_make_bus_id+0x128/0x1f8
    [<(ptrval)>] of_platform_bus_create+0x4dc/0x4e8
    [<(ptrval)>] of_platform_bus_create+0x380/0x4e8
    [<(ptrval)>] of_platform_bus_create+0x380/0x4e8
    [<(ptrval)>] of_platform_bus_create+0x380/0x4e8
    [<(ptrval)>] of_platform_populate+0x70/0xc4
    [<(ptrval)>] of_platform_default_populate_init+0xb4/0xcc
    [<(ptrval)>] do_one_initcall+0x58/0x218
    [<(ptrval)>] kernel_init_freeable+0x250/0x29c
    [<(ptrval)>] kernel_init+0x24/0x148
    [<(ptrval)>] ret_from_fork+0x14/0x1c

Fix them by adding amba_device_put() to release device name and
amba device.

Signed-off-by: Kefeng Wang <wangkefeng.wang@...wei.com>
---
 drivers/amba/bus.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
index 0073d8ba0353..7e775ba6fdd9 100644
--- a/drivers/amba/bus.c
+++ b/drivers/amba/bus.c
@@ -478,8 +478,14 @@ static int amba_device_try_add(struct amba_device *dev, struct resource *parent)
 		goto skip_probe;
 
 	ret = amba_read_periphid(dev);
-	if (ret)
+	if (ret) {
+		if (ret != -EPROBE_DEFER) {
+			amba_device_put(dev);
+			goto err_out;
+		}
 		goto err_release;
+	}
+
 skip_probe:
 	ret = device_add(&dev->dev);
 err_release:
-- 
2.26.2

Powered by blists - more mailing lists