lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20221020080056.1050369-1-yangyingliang@huawei.com>
Date:   Thu, 20 Oct 2022 16:00:56 +0800
From:   Yang Yingliang <yangyingliang@...wei.com>
To:     <linux-kernel@...r.kernel.org>
CC:     <gregkh@...uxfoundation.org>
Subject: [PATCH] firmware: edd: fix possible memory leak in edd_device_register()

Inject fault while loading module, kobject_init_and_add() may fail
in edd_device_register(), if it fails, kobject_put() need be called
to properly clean up the memory associated with the object, or the
name of kobject is leaked.

unreferenced object 0xffff8e7d40d15820 (size 16):
  comm "swapper/0", pid 1, jiffies 4294669397 (age 47.978s)
  hex dump (first 16 bytes):
    69 6e 74 31 33 5f 64 65 76 38 30 00 7d 8e ff ff  int13_dev80.}...
  backtrace:
    [<000000009c36832f>] __kmem_cache_alloc_node+0x1e9/0x360
    [<00000000c952bd6c>] __kmalloc_node_track_caller+0x44/0x1a0
    [<000000007573fbea>] kvasprintf+0x67/0xd0
    [<00000000b2800ea6>] kobject_set_name_vargs+0x1e/0x90
    [<000000002d7bc789>] kobject_init_and_add+0x5d/0xa0
    [<000000002569fea1>] edd_init+0x170/0x2ad

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
---
 drivers/firmware/edd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/edd.c b/drivers/firmware/edd.c
index 5cc238916551..ae39119ea403 100644
--- a/drivers/firmware/edd.c
+++ b/drivers/firmware/edd.c
@@ -708,6 +708,8 @@ edd_device_register(struct edd_device *edev, int i)
 	if (!error) {
 		edd_populate_dir(edev);
 		kobject_uevent(&edev->kobj, KOBJ_ADD);
+	} else {
+		kobject_put(&edev->kobj);
 	}
 	return error;
 }
@@ -747,10 +749,8 @@ edd_init(void)
 		}
 
 		rc = edd_device_register(edev, i);
-		if (rc) {
-			kfree(edev);
+		if (rc)
 			goto out;
-		}
 		edd_devices[i] = edev;
 	}
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ