Re: [PATCH] firewire: core: fix possible memory leak in create_units()
Brought to you by:
aeb,
bencollins
Menu
▾
▴
Re: [PATCH] firewire: core: fix possible memory leak in create_units()
|
From: Takashi S. <o-t...@sa...> - 2023-11-29 13:41:09
|
Hi,
Thanks for your catching the bug and posting the patch.
On Wed, Nov 29, 2023 at 05:34:08PM +0800, Yang Yingliang wrote:
> From: Yang Yingliang <yan...@hu...>
>
> If device_register() fails, the refcount of device is not 0, the name
> allocated in dev_set_name() is leaked. To fix this by calling put_device(),
> so that it will be freed in callback function kobject_cleanup().
>
> unreferenced object 0xffff9d99035c7a90 (size 8):
> comm "systemd-udevd", pid 168, jiffies 4294672386 (age 152.089s)
> hex dump (first 8 bytes):
> 66 77 30 2e 30 00 ff ff fw0.0...
> backtrace:
> [<00000000e1d62bac>] __kmem_cache_alloc_node+0x1e9/0x360
> [<00000000bbeaff31>] __kmalloc_node_track_caller+0x44/0x1a0
> [<00000000491f2fb4>] kvasprintf+0x67/0xd0
> [<000000005b960ddc>] kobject_set_name_vargs+0x1e/0x90
> [<00000000427ac591>] dev_set_name+0x4e/0x70
> [<000000003b4e447d>] create_units+0xc5/0x110
>
> fw_unit_release() will be called in the error path, move fw_device_get()
> before calling device_register() to keep balanced with fw_device_put() in
> fw_unit_release().
>
> Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
> Fixes: a1f64819fe9f ("firewire: struct device - replace bus_id with dev_name(), dev_set_name()")
> Signed-off-by: Yang Yingliang <yan...@hu...>
> ---
> drivers/firewire/core-device.c | 11 ++++-------
> 1 file changed, 4 insertions(+), 7 deletions(-)
Applied to for-linus branch. I'll send it to upstream as fix for
v6.7-rc4 within a few days.
Thanks
Takashi Sakamoto
|