Re: [PATCH] firewire: core: fix possible memory leak in create_units()
Brought to you by:
aeb,
bencollins
From: Takashi S. <o-t...@sa...> - 2023-11-29 13:41:09
|
Hi, Thanks for your catching the bug and posting the patch. On Wed, Nov 29, 2023 at 05:34:08PM +0800, Yang Yingliang wrote: > From: Yang Yingliang <yan...@hu...> > > If device_register() fails, the refcount of device is not 0, the name > allocated in dev_set_name() is leaked. To fix this by calling put_device(), > so that it will be freed in callback function kobject_cleanup(). > > unreferenced object 0xffff9d99035c7a90 (size 8): > comm "systemd-udevd", pid 168, jiffies 4294672386 (age 152.089s) > hex dump (first 8 bytes): > 66 77 30 2e 30 00 ff ff fw0.0... > backtrace: > [<00000000e1d62bac>] __kmem_cache_alloc_node+0x1e9/0x360 > [<00000000bbeaff31>] __kmalloc_node_track_caller+0x44/0x1a0 > [<00000000491f2fb4>] kvasprintf+0x67/0xd0 > [<000000005b960ddc>] kobject_set_name_vargs+0x1e/0x90 > [<00000000427ac591>] dev_set_name+0x4e/0x70 > [<000000003b4e447d>] create_units+0xc5/0x110 > > fw_unit_release() will be called in the error path, move fw_device_get() > before calling device_register() to keep balanced with fw_device_put() in > fw_unit_release(). > > Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array") > Fixes: a1f64819fe9f ("firewire: struct device - replace bus_id with dev_name(), dev_set_name()") > Signed-off-by: Yang Yingliang <yan...@hu...> > --- > drivers/firewire/core-device.c | 11 ++++------- > 1 file changed, 4 insertions(+), 7 deletions(-) Applied to for-linus branch. I'll send it to upstream as fix for v6.7-rc4 within a few days. Thanks Takashi Sakamoto |