| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Jun 2022 23:32:08 +0800
From: Liang He <windhl@....com>
To: davem@...emloft.net
Cc: windhl@....com, sparclinux@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v2] sbus/char: Fix refcount leak bugs in openprom.c
In opiocgetnext(), we need a of_node_put() to keep refcount balance.
NOTE: we should not change 'dp' as it will used as the arg of
of_node_put().
Signed-off-by: Liang He <windhl@....com>
---
changelog:
v2: (1) consider of_find_node_by_path() and of_find_node_by_phandle()
v1: this is a wrong patch as dp has been updated by its sibling or
child.
drivers/sbus/char/openprom.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c
index 30b9751aad30..b5907e0c24e5 100644
--- a/drivers/sbus/char/openprom.c
+++ b/drivers/sbus/char/openprom.c
@@ -494,7 +494,7 @@ static int opiocset(void __user *argp, DATA *data)
static int opiocgetnext(unsigned int cmd, void __user *argp)
{
- struct device_node *dp;
+ struct device_node *dp, *tp;
phandle nd;
BUILD_BUG_ON(sizeof(phandle) != sizeof(int));
@@ -506,18 +506,24 @@ static int opiocgetnext(unsigned int cmd, void __user *argp)
if (cmd != OPIOCGETNEXT)
return -EINVAL;
dp = of_find_node_by_path("/");
+ if (dp)
+ nd = dp->phandle;
} else {
dp = of_find_node_by_phandle(nd);
nd = 0;
if (dp) {
if (cmd == OPIOCGETNEXT)
- dp = dp->sibling;
+ tp = dp->sibling;
else
- dp = dp->child;
+ tp = dp->child;
}
+
+ if (tp)
+ nd = tp->phandle;
}
- if (dp)
- nd = dp->phandle;
+
+ of_node_put(dp);
+
if (copy_to_user(argp, &nd, sizeof(phandle)))
return -EFAULT;
--
2.25.1
Powered by blists - more mailing lists