| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMZdPi-T70vuEinH2F9sRCkmgrEuYpZBWuv_qnio2tOmjXChPQ@mail.gmail.com>
Date: Tue, 18 Oct 2022 15:48:19 +0200
From: Loic Poulain <loic.poulain@...aro.org>
To: Yang Yingliang <yangyingliang@...wei.com>
Cc: netdev@...r.kernel.org, ryazanov.s.a@...il.com,
johannes@...solutions.net, davem@...emloft.net
Subject: Re: [PATCH net] wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
On Tue, 18 Oct 2022 at 15:17, Yang Yingliang <yangyingliang@...wei.com> wrote:
>
> Inject fault while probing module, if device_register() fails,
> but the refcount of kobject is not decreased to 0, the name
> allocated in dev_set_name() is leaked. Fix this by calling
> put_device(), so that name can be freed in callback function
> kobject_cleanup().
>
> unreferenced object 0xffff88810152ad20 (size 8):
> comm "modprobe", pid 252, jiffies 4294849206 (age 22.713s)
> hex dump (first 8 bytes):
> 68 77 73 69 6d 30 00 ff hwsim0..
> backtrace:
> [<000000009c3504ed>] __kmalloc_node_track_caller+0x44/0x1b0
> [<00000000c0228a5e>] kvasprintf+0xb5/0x140
> [<00000000cff8c21f>] kvasprintf_const+0x55/0x180
> [<0000000055a1e073>] kobject_set_name_vargs+0x56/0x150
> [<000000000a80b139>] dev_set_name+0xab/0xe0
>
> Fixes: f36a111a74e7 ("wwan_hwsim: WWAN device simulator")
> Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
Indeed, device_register() must be balanced with a put_device(), even
in the error case, as it includes device initialization.
Reviewed-by: Loic Poulain <loic.poulain@...aro.org>
Powered by blists - more mailing lists