lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2026020715-spilt-cupped-aeab@gregkh>
Date: Sat, 7 Feb 2026 08:48:34 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Daniel Hodges <git@...ielhodges.dev>
Cc: Prasanth Ksr <prasanth.ksr@...l.com>, Hans de Goede <hansg@...nel.org>,
	Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
	Mario Limonciello <mario.limonciello@...l.com>,
	Divya Bharathi <divya.bharathi@...l.com>,
	Dell.Client.Kernel@...l.com, platform-driver-x86@...r.kernel.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] platform/x86: dell-wmi-sysman: fix kobject leak on
 populate failure

On Fri, Feb 06, 2026 at 06:16:42PM -0500, Daniel Hodges wrote:
> When populate_enum_data(), populate_int_data(), populate_str_data(),
> or populate_po_data() fails after a successful kobject_init_and_add(),
> the code jumps to err_attr_init without calling kobject_put() on
> attr_name_kobj, leaking the kobject and its associated memory.
> 
> Add the missing kobject_put() call before the goto to properly release
> the kobject on error.
> 
> Fixes: e8a60aa7404b ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems")
> Cc: stable@...r.kernel.org
> Signed-off-by: Daniel Hodges <git@...ielhodges.dev>
> ---
>  drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c b/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c
> index f5402b714657..d9f6d24c84d6 100644
> --- a/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c
> +++ b/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c
> @@ -497,6 +497,7 @@ static int init_bios_attributes(int attr_type, const char *guid)
>  		if (retval) {
>  			pr_debug("failed to populate %s\n",
>  				elements[ATTR_NAME].string.pointer);
> +			kobject_put(attr_name_kobj);
>  			goto err_attr_init;
>  		}
>  

The "larger" problem with this driver is its use of raw kobjects.  No
driver should be doing that, it is hiding all of this information from
userspace tools by doing so, and there's loads of race conditions
happening with the creation of these files.  It should be fixed by just
using normal device attributes and not attempting to custom create
kobjects by hand like this (as it is very easy to get things wrong, as
this patch shows.)

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ