lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aQnVfdHKk7TD0JwM@hovoldconsulting.com>
Date: Tue, 4 Nov 2025 11:29:17 +0100
From: Johan Hovold <johan@...nel.org>
To: Haotian Zhang <vulab@...as.ac.cn>
Cc: Vaibhav Hiremath <hvaibhav.linux@...il.com>,
	Alex Elder <elder@...nel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	greybus-dev@...ts.linaro.org, linux-staging@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: greybus: arche-platform: fix pm_notifier leak
 in probe error path

On Tue, Nov 04, 2025 at 05:08:25PM +0800, Haotian Zhang wrote:
> In arche_platform_probe(), if arche_platform_coldboot_seq() fails after
> register_pm_notifier() succeeds, the function returns without unregistering
> the pm_notifier, leading to a resource leak.
> 
> Add unregister_pm_notifier() call in the err_coldboot error path to
> properly clean up the registered notifier on failure.
> 
> Fixes: d29b67d44a7c ("greybus: arche-platform: Add support for init-off feature")
> Signed-off-by: Haotian Zhang <vulab@...as.ac.cn>
> ---
>  drivers/staging/greybus/arche-platform.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/staging/greybus/arche-platform.c b/drivers/staging/greybus/arche-platform.c
> index d48464390f58..9c5bb5dae187 100644
> --- a/drivers/staging/greybus/arche-platform.c
> +++ b/drivers/staging/greybus/arche-platform.c
> @@ -545,6 +545,7 @@ static int arche_platform_probe(struct platform_device *pdev)
>  	return 0;
>  
>  err_coldboot:
> +	unregister_pm_notifier(&arche_pdata->pm_notifier);
>  	mutex_unlock(&arche_pdata->platform_state_mutex);

This looks mostly correct, but please make sure to release the lock
before deregistering the notifier so that things are unwound in reverse
order.

It would be even better to move the mutex unlock to where the driver
jumps to err_coldboot since it is only held in that conditional since
the offending commit.

>  err_device_remove:
>  	device_remove_file(&pdev->dev, &dev_attr_state);

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ