| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aOfgB6UpBha+pvqa@lizhi-Precision-Tower-5810>
Date: Thu, 9 Oct 2025 12:17:11 -0400
From: Frank Li <Frank.li@....com>
To: Shuhao Fu <sfual@....ust.hk>
Cc: Alexandre Belloni <alexandre.belloni@...tlin.com>,
linux-i3c@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] i3c: fix refcount inconsistency in i3c_master_register
On Wed, Oct 08, 2025 at 03:27:09PM +0800, Shuhao Fu wrote:
> In `i3c_master_register`, a possible refcount inconsistency has been
> identified, causing possible resource leak.
>
> Function `of_node_get` increases the refcount of `parent->of_node`. If
> function `i3c_bus_init` fails, the function returns immediately without
> a corresponding decrease, resulting in an inconsistent refcounter.
>
> In this patch, an extra goto label is added to ensure the balance of
> refcount when `i3c_bus_init` fails.
>
> Fixes: 3a379bbcea0a ("i3c: Add core I3C infrastructure")
> Signed-off-by: Shuhao Fu <sfual@....ust.hk>
> ---
> drivers/i3c/master.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c
> index d946db75d..9f4fe98d2 100644
> --- a/drivers/i3c/master.c
> +++ b/drivers/i3c/master.c
> @@ -2885,7 +2885,7 @@ int i3c_master_register(struct i3c_master_controller *master,
>
> ret = i3c_bus_init(i3cbus, master->dev.of_node);
> if (ret)
> - return ret;
> + goto err_put_of_node;
I think it'd better to set release function for master dev to release
of_node because of_node_put() also missed at i3c_master_unregister()
you can refer drivers/base/platform.c
Frank
>
> device_initialize(&master->dev);
> dev_set_name(&master->dev, "i3c-%d", i3cbus->id);
> @@ -2973,6 +2973,9 @@ int i3c_master_register(struct i3c_master_controller *master,
> err_put_dev:
> put_device(&master->dev);
>
> +err_put_of_node:
> + of_node_put(master->dev.of_node);
> +
> return ret;
> }
> EXPORT_SYMBOL_GPL(i3c_master_register);
> --
> 2.39.5 (Apple Git-154)
>
>
> --
> linux-i3c mailing list
> linux-i3c@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-i3c
Powered by blists - more mailing lists