lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20251229132526.394235-1-zilin@seu.edu.cn>
Date: Mon, 29 Dec 2025 13:25:26 +0000
From: Zilin Guan <zilin@....edu.cn>
To: matthias.bgg@...il.com
Cc: angelogioacchino.delregno@...labora.com,
	roger.lu@...iatek.com,
	khilman@...libre.com,
	linux-kernel@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	linux-mediatek@...ts.infradead.org,
	Zilin Guan <zilin@....edu.cn>,
	stable@...r.kernel.org,
	Jianhao Xu <jianhao.xu@....edu.cn>
Subject: [PATCH v3] soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()

In svs_enable_debug_write(), the buf allocated by memdup_user_nul()
is leaked if kstrtoint() fails.

Fix this by using __free(kfree) to automatically free buf, eliminating
the need for explicit kfree() calls and preventing leaks.

Fixes: 13f1bbcfb582 ("soc: mediatek: SVS: add debug commands")
Cc: stable@...r.kernel.org
Co-developed-by: Jianhao Xu <jianhao.xu@....edu.cn>
Signed-off-by: Jianhao Xu <jianhao.xu@....edu.cn>
Signed-off-by: Zilin Guan <zilin@....edu.cn>
---
Changes in v3:
- Reduce the scope of the involved local variable.
- Add Cc to stable.

Changes in v2:
- Use __free(kfree) to simplify memory management.

 drivers/soc/mediatek/mtk-svs.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/soc/mediatek/mtk-svs.c b/drivers/soc/mediatek/mtk-svs.c
index f45537546553..475926a606fd 100644
--- a/drivers/soc/mediatek/mtk-svs.c
+++ b/drivers/soc/mediatek/mtk-svs.c
@@ -789,12 +789,11 @@ static ssize_t svs_enable_debug_write(struct file *filp,
 	struct svs_bank *svsb = file_inode(filp)->i_private;
 	struct svs_platform *svsp = dev_get_drvdata(svsb->dev);
 	int enabled, ret;
-	char *buf = NULL;
 
 	if (count >= PAGE_SIZE)
 		return -EINVAL;
 
-	buf = (char *)memdup_user_nul(buffer, count);
+	char *buf __free(kfree) = (char *)memdup_user_nul(buffer, count);
 	if (IS_ERR(buf))
 		return PTR_ERR(buf);
 
@@ -807,8 +806,6 @@ static ssize_t svs_enable_debug_write(struct file *filp,
 		svsb->mode_support = SVSB_MODE_ALL_DISABLE;
 	}
 
-	kfree(buf);
-
 	return count;
 }
 
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ