lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZRaNrE3LZ/bl4OWZ@ninjato>
Date:   Fri, 29 Sep 2023 10:41:16 +0200
From:   Wolfram Sang <wsa@...nel.org>
To:     Li Zetao <lizetao1@...wei.com>
Cc:     khali@...ux-fr.org, gregkh@...e.de, lizeta1@...wei.com,
        linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND] i2c: core: Fix possible memleak in
 i2c_register_adapter()

On Thu, Sep 28, 2023 at 09:27:09AM +0800, Li Zetao wrote:
> There is a memory leak reported by kmemleak:
> 
> unreferenced object 0xffff88818be6dcb8 (size 8):
>   comm "modprobe", pid 1022129, jiffies 4363911608 (age 43.838s)
>     hex dump (first 8 bytes):
>       69 32 63 2d 30 00 6b a5                          i2c-0.k.
>     backtrace:
>       [<ffffffff812f588f>] __kmem_cache_alloc_node+0x2cf/0x4b0
>       [<ffffffff81283c43>] __kmalloc_node_track_caller+0x53/0x140
>       [<ffffffff81604b0a>] kvasprintf+0x6a/0xd0
>       [<ffffffff81604be7>] kvasprintf_const+0x77/0xa0
>       [<ffffffff81a00173>] kobject_set_name_vargs+0x23/0x90
>       [<ffffffff817bf743>] dev_set_name+0x53/0x70
>       [<ffffffffa023ebb2>] i2c_register_adapter+0x112/0x6c0 [i2c_core]
>       [<ffffffffa023f268>] i2c_add_adapter+0x78/0xc0 [i2c_core]
>       [<ffffffffa0300182>] piix4_add_adapter+0x132/0x210 [i2c_piix4]
>       [<ffffffffa0300535>] piix4_probe+0x2d5/0x5f4 [i2c_piix4]
>       ...
> 
> The root cause was traced to an error handing path in
> i2c_register_adapter() when device_register() fails. After
> calling dev_set_name() which called by i2c_register_adapter(),
> the put_device() should be used to give up the device reference
> in error handling path in order to free "kobj->name" alloced
> in dev_set_name().
> 
> Fix it by calling put_device() when device_register() fails in
> i2c_register_adapter(). In addition, when i2c_adapter device
> is released, i2c_adapter_dev_release() is called, in which
> "dev_released" must be initialized, otherwise a kernel bug
> will be triggered.
> 
> Fixes: b119c6c952a0 ("i2c: __must_check fixes (core drivers)")
> Signed-off-by: Li Zetao <lizetao1@...wei.com>

Applied to for-next, thanks!


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ