lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sun, 6 Nov 2022 17:27:24 +0100
From:   Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
To:     Yang Yingliang <yangyingliang@...wei.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Thorsten Scherer <t.scherer@...elmann.de>,
        kernel@...gutronix.de
Subject: Re: [PATCH] siox: fix possible memory leak in siox_device_add()

Hello,

On Fri, Nov 04, 2022 at 10:13:34AM +0800, Yang Yingliang wrote:
> If device_register() returns error in siox_device_add(),
> the name allocated by dev_set_name() need be freed. As
> comment of device_register() says, it should use put_device()
> to give up the reference in the error path. So fix this
> by calling put_device(), then the name can be freed in
> kobject_cleanup(), and sdevice is freed in siox_device_release(),
> set it to null in error path.
> 
> Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX")
> Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
> ---
>  drivers/siox/siox-core.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c
> index 7c4f32d76966..561408583b2b 100644
> --- a/drivers/siox/siox-core.c
> +++ b/drivers/siox/siox-core.c
> @@ -839,6 +839,8 @@ static struct siox_device *siox_device_add(struct siox_master *smaster,
>  
>  err_device_register:
>  	/* don't care to make the buffer smaller again */
> +	put_device(&sdevice->dev);
> +	sdevice = NULL;

The problem is real and the fix works as intended. I don't like the
necessity to set sdevice to NULL, but that's the easiest approach here,
so:

Reviewed-by: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>

>  err_buf_alloc:
>  	siox_master_unlock(smaster);

@gregkh: Could you pick up this patch please[1]? While I don't consider it
very urgent, it's technically a fix. I don't care much if it goes in now
or during the next merge window.

Best regards
Uwe

[1] the original Message-Id is
    20221104021334.618189-1-yangyingliang@...wei.com. Maybe this helps
    you to apply the patch even if you didn't get a Cc.

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ