| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Oct 2022 15:58:38 +0300
From: Leon Romanovsky <leon@...nel.org>
To: Yang Yingliang <yangyingliang@...wei.com>
Cc: netdev@...r.kernel.org, yisen.zhuang@...wei.com,
salil.mehta@...wei.com, davem@...emloft.net
Subject: Re: [PATCH net] net: hns: fix possible memory leak in
hnae_ae_register()
On Tue, Oct 18, 2022 at 08:24:51PM +0800, Yang Yingliang wrote:
> Inject fault while probing module, if device_register() fails,
> but the refcount of kobject is not decreased to 0, the name
> allocated in dev_set_name() is leaked. Fix this by calling
> put_device(), so that name can be freed in callback function
> kobject_cleanup().
>
> unreferenced object 0xffff00c01aba2100 (size 128):
> comm "systemd-udevd", pid 1259, jiffies 4294903284 (age 294.152s)
> hex dump (first 32 bytes):
> 68 6e 61 65 30 00 00 00 18 21 ba 1a c0 00 ff ff hnae0....!......
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<0000000034783f26>] slab_post_alloc_hook+0xa0/0x3e0
> [<00000000748188f2>] __kmem_cache_alloc_node+0x164/0x2b0
> [<00000000ab0743e8>] __kmalloc_node_track_caller+0x6c/0x390
> [<000000006c0ffb13>] kvasprintf+0x8c/0x118
> [<00000000fa27bfe1>] kvasprintf_const+0x60/0xc8
> [<0000000083e10ed7>] kobject_set_name_vargs+0x3c/0xc0
> [<000000000b87affc>] dev_set_name+0x7c/0xa0
> [<000000003fd8fe26>] hnae_ae_register+0xcc/0x190 [hnae]
> [<00000000fe97edc9>] hns_dsaf_ae_init+0x9c/0x108 [hns_dsaf]
> [<00000000c36ff1eb>] hns_dsaf_probe+0x548/0x748 [hns_dsaf]
>
> Fixes: 6fe6611ff275 ("net: add Hisilicon Network Subsystem hnae framework support")
> Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
> ---
> drivers/net/ethernet/hisilicon/hns/hnae.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/hisilicon/hns/hnae.c b/drivers/net/ethernet/hisilicon/hns/hnae.c
> index 00fafc0f8512..430eccea8e5e 100644
> --- a/drivers/net/ethernet/hisilicon/hns/hnae.c
> +++ b/drivers/net/ethernet/hisilicon/hns/hnae.c
> @@ -419,8 +419,10 @@ int hnae_ae_register(struct hnae_ae_dev *hdev, struct module *owner)
> hdev->cls_dev.release = hnae_release;
> (void)dev_set_name(&hdev->cls_dev, "hnae%d", hdev->id);
^^^^^^^^^^^^ this is unexpected in netdev code.
> ret = device_register(&hdev->cls_dev);
> - if (ret)
> + if (ret) {
> + put_device(&hdev->cls_dev);
> return ret;
> + }
>
> __module_get(THIS_MODULE);
^^^^^^^^ I'm curious why? I don't see why you need this.
The change itself is ok.
Thanks,
Reviewed-by: Leon Romanovsky <leonro@...dia.com>
Powered by blists - more mailing lists