| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220407150240.151166-2-wangkefeng.wang@huawei.com>
Date: Thu, 7 Apr 2022 23:02:40 +0800
From: Kefeng Wang <wangkefeng.wang@...wei.com>
To: Russell King <linux@...linux.org.uk>,
<linux-kernel@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>
CC: Rob Herring <robh@...nel.org>,
Kefeng Wang <wangkefeng.wang@...wei.com>
Subject: [PATCH 2/2] amba: fix memory leak in amba_device_try_add()
If amba_device_try_add() return error code (not EPROBE_DEFER),
memory leak occurred when amba device fails to read periphid.
unreferenced object 0xc1c60800 (size 1024):
comm "swapper/0", pid 1, jiffies 4294937333 (age 75.200s)
hex dump (first 32 bytes):
40 40 db c1 04 08 c6 c1 04 08 c6 c1 00 00 00 00 @@..............
00 d9 c1 c1 84 6f 38 c1 00 00 00 00 01 00 00 00 .....o8.........
backtrace:
[<(ptrval)>] kmem_cache_alloc_trace+0x168/0x2b4
[<(ptrval)>] amba_device_alloc+0x38/0x7c
[<(ptrval)>] of_platform_bus_create+0x2f4/0x4e8
[<(ptrval)>] of_platform_bus_create+0x380/0x4e8
[<(ptrval)>] of_platform_bus_create+0x380/0x4e8
[<(ptrval)>] of_platform_bus_create+0x380/0x4e8
[<(ptrval)>] of_platform_populate+0x70/0xc4
[<(ptrval)>] of_platform_default_populate_init+0xb4/0xcc
[<(ptrval)>] do_one_initcall+0x58/0x218
[<(ptrval)>] kernel_init_freeable+0x250/0x29c
[<(ptrval)>] kernel_init+0x24/0x148
[<(ptrval)>] ret_from_fork+0x14/0x1c
[<00000000>] 0x0
unreferenced object 0xc1db4040 (size 64):
comm "swapper/0", pid 1, jiffies 4294937333 (age 75.200s)
hex dump (first 32 bytes):
31 63 30 66 30 30 30 30 2e 77 64 74 00 00 00 00 1c0f0000.wdt....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<(ptrval)>] __kmalloc_track_caller+0x19c/0x2f8
[<(ptrval)>] kvasprintf+0x60/0xcc
[<(ptrval)>] kvasprintf_const+0x54/0x78
[<(ptrval)>] kobject_set_name_vargs+0x34/0xa8
[<(ptrval)>] dev_set_name+0x40/0x5c
[<(ptrval)>] of_device_make_bus_id+0x128/0x1f8
[<(ptrval)>] of_platform_bus_create+0x4dc/0x4e8
[<(ptrval)>] of_platform_bus_create+0x380/0x4e8
[<(ptrval)>] of_platform_bus_create+0x380/0x4e8
[<(ptrval)>] of_platform_bus_create+0x380/0x4e8
[<(ptrval)>] of_platform_populate+0x70/0xc4
[<(ptrval)>] of_platform_default_populate_init+0xb4/0xcc
[<(ptrval)>] do_one_initcall+0x58/0x218
[<(ptrval)>] kernel_init_freeable+0x250/0x29c
[<(ptrval)>] kernel_init+0x24/0x148
[<(ptrval)>] ret_from_fork+0x14/0x1c
Fix them by adding amba_device_put() to release device name and
amba device.
Signed-off-by: Kefeng Wang <wangkefeng.wang@...wei.com>
---
drivers/amba/bus.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
index 0073d8ba0353..7e775ba6fdd9 100644
--- a/drivers/amba/bus.c
+++ b/drivers/amba/bus.c
@@ -478,8 +478,14 @@ static int amba_device_try_add(struct amba_device *dev, struct resource *parent)
goto skip_probe;
ret = amba_read_periphid(dev);
- if (ret)
+ if (ret) {
+ if (ret != -EPROBE_DEFER) {
+ amba_device_put(dev);
+ goto err_out;
+ }
goto err_release;
+ }
+
skip_probe:
ret = device_add(&dev->dev);
err_release:
--
2.26.2
Powered by blists - more mailing lists