lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d1d857ee-60c9-4e38-82c7-062e55e6f4f3@kernel.org>
Date: Fri, 14 Nov 2025 10:11:17 +0100
From: Christophe Leroy <chleroy@...nel.org>
To: Miaoqian Lin <linmq006@...il.com>,
 Madhavan Srinivasan <maddy@...ux.ibm.com>,
 Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>,
 Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>,
 Benjamin Herrenschmidt <benh@...nel.crashing.org>,
 Paul Mackerras <paulus@...abs.org>, linuxppc-dev@...ts.ozlabs.org,
 linux-kernel@...r.kernel.org
Cc: stable@...r.kernel.org
Subject: Re: [PATCH] powerpc/powermac: Fix reference count leak in i2c probe
 functions



Le 27/10/2025 à 09:45, Miaoqian Lin a écrit :
> [Vous ne recevez pas souvent de courriers de linmq006@...il.com. Découvrez pourquoi ceci est important à https://aka.ms/LearnAboutSenderIdentification ]
> 
> The of_find_node_by_name() function returns a device tree node with its
> reference count incremented. The caller is responsible for calling
> of_node_put() to release this reference when done.
> 
> Fixes: 730745a5c450 ("[PATCH] 1/5 powerpc: Rework PowerMac i2c part 1")
> Cc: stable@...r.kernel.org
> Signed-off-by: Miaoqian Lin <linmq006@...il.com>
> ---
>   arch/powerpc/platforms/powermac/low_i2c.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/powerpc/platforms/powermac/low_i2c.c b/arch/powerpc/platforms/powermac/low_i2c.c
> index 02474e27df9b..f04dbb93bbfa 100644
> --- a/arch/powerpc/platforms/powermac/low_i2c.c
> +++ b/arch/powerpc/platforms/powermac/low_i2c.c
> @@ -802,8 +802,10 @@ static void __init pmu_i2c_probe(void)
>          for (channel = 1; channel <= 2; channel++) {
>                  sz = sizeof(struct pmac_i2c_bus) + sizeof(struct adb_request);
>                  bus = kzalloc(sz, GFP_KERNEL);
> -               if (bus == NULL)
> +               if (bus == NULL) {
> +                       of_node_put(busnode);

We are in a loop, what happens when kzalloc() succeded in the first 
iteration but not in a further iteration ? In that case we have already 
registered some bus which references busnode as bus->busnode so it just 
can't but put.

>                          return;
> +               }
> 
>                  bus->controller = busnode;
>                  bus->busnode = busnode;
> @@ -928,6 +930,7 @@ static void __init smu_i2c_probe(void)
>                  bus = kzalloc(sz, GFP_KERNEL);
>                  if (bus == NULL) {
>                          of_node_put(busnode);
> +                       of_node_put(controller);
>                          return;
>                  }
> 
> --
> 2.39.5 (Apple Git-154)
> 
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ