lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251107070931.30549-1-make24@iscas.ac.cn>
Date: Fri,  7 Nov 2025 15:09:31 +0800
From: Ma Ke <make24@...as.ac.cn>
To: eajames@...ux.ibm.com,
	ninad@...ux.ibm.com,
	benh@...nel.crashing.org
Cc: linux-fsi@...ts.ozlabs.org,
	linux-kernel@...r.kernel.org,
	akpm@...ux-foundation.org,
	Ma Ke <make24@...as.ac.cn>,
	stable@...r.kernel.org
Subject: [PATCH] fsi: Fix error handling in fsi_slave_init

fsi_slave_init() calls device_initialize() for slave->dev
unconditionally. However, in the error paths, put_device() is not
called, leading to an imbalance in the device reference count.

Although kfree(slave) eventually frees the memory, it does not
properly release the device initialized by device_initialize(). For
proper pairing of device_initialize()/put_device(), add put_device()
calls in both error paths.

Found by code review.

Cc: stable@...r.kernel.org
Fixes: d1dcd6782576 ("fsi: Add cfam char devices")
Signed-off-by: Ma Ke <make24@...as.ac.cn>
---
 drivers/fsi/fsi-core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c
index c6c115993ebc..0d45e4442ca9 100644
--- a/drivers/fsi/fsi-core.c
+++ b/drivers/fsi/fsi-core.c
@@ -1075,7 +1075,7 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id)
 	rc = __fsi_get_new_minor(slave, fsi_dev_cfam, &slave->dev.devt,
 				 &slave->cdev_idx);
 	if (rc)
-		goto err_free;
+		goto err_put_device;
 
 	trace_fsi_slave_init(slave);
 
@@ -1112,6 +1112,9 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id)
 
 err_free_ida:
 	fsi_free_minor(slave->dev.devt);
+err_put_device:
+	put_device(&slave->dev);
+	return rc;
 err_free:
 	of_node_put(slave->dev.of_node);
 	kfree(slave);
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ