mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 14:14:37 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/base
History
Yang Yingliang 8c3e8a6bdb class: fix possible memory leak in __class_register() 
If class_add_groups() returns error, the 'cp->subsys' need be
unregister, and the 'cp' need be freed.

We can not call kset_unregister() here, because the 'cls' will
be freed in callback function class_release() and it's also
freed in caller's error path, it will cause double free.

So fix this by calling kobject_del() and kfree_const(name) to
cleanup kobject. Besides, call kfree() to free the 'cp'.

Fault injection test can trigger this:

unreferenced object 0xffff888102fa8190 (size 8):
  comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
  hex dump (first 8 bytes):
    70 6b 74 63 64 76 64 00                          pktcdvd.
  backtrace:
    [<00000000e7c7703d>] __kmalloc_track_caller+0x1ae/0x320
    [<000000005e4d70bc>] kstrdup+0x3a/0x70
    [<00000000c2e5e85a>] kstrdup_const+0x68/0x80
    [<000000000049a8c7>] kvasprintf_const+0x10b/0x190
    [<0000000029123163>] kobject_set_name_vargs+0x56/0x150
    [<00000000747219c9>] kobject_set_name+0xab/0xe0
    [<0000000005f1ea4e>] __class_register+0x15c/0x49a

unreferenced object 0xffff888037274000 (size 1024):
  comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
  hex dump (first 32 bytes):
    00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff  .@'7.....@'7....
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
  backtrace:
    [<00000000151f9600>] kmem_cache_alloc_trace+0x17c/0x2f0
    [<00000000ecf3dd95>] __class_register+0x86/0x49a

Fixes: ced6473e74 ("driver core: class: add class_groups support")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221026082803.3458760-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-11-09 14:58:29 +01:00
..
firmware_loader firmware_loader: Fix memory leak in firmware upload 2022-09-01 17:47:27 +02:00
power PM: domains: log failures to register always-on domains 2022-10-04 16:26:11 +02:00
regmap regmap: Updates for v6.1 2022-10-04 19:12:16 -07:00
test driver core: Simplify async probe test code by using ktime_ms_delta() 2021-12-29 10:57:22 +01:00
arch_numa.c mm: percpu: add generic pcpu_populate_pte() function 2022-01-20 08:52:52 +02:00
arch_topology.c RISC-V Patches for the 6.1 Merge Window, Part 1 2022-10-09 13:24:01 -07:00
attribute_container.c driver core: attribute_container: fix W=1 warnings 2021-05-14 13:37:10 +02:00
auxiliary.c Documentation/auxiliary_bus: Move the text into the code 2021-12-03 16:41:50 +01:00
base.h driver core: remove make_class_name declaration 2022-09-09 10:49:54 +02:00
bus.c driver: base: fix UAF when driver_attach failed 2022-05-19 19:28:42 +02:00
cacheinfo.c cacheinfo: Use atomic allocation for percpu cache attributes 2022-07-22 10:04:42 +02:00
class.c class: fix possible memory leak in __class_register() 2022-11-09 14:58:29 +01:00
component.c component: Add common helper for compare/release functions 2022-02-25 12:16:12 +01:00
container.c
core.c driver core: use IS_ERR_OR_NULL() helper in device_create_groups_vargs() 2022-09-24 15:00:38 +02:00
cpu.c x86/bugs: Report AMD retbleed vulnerability 2022-06-27 10:33:59 +02:00
dd.c Linux 6.0-rc5 2022-09-12 16:51:22 +02:00
devcoredump.c devcoredump : Serialize devcd_del work 2022-09-24 14:01:40 +02:00
devres.c devres: Slightly optimize alloc_dr() 2022-09-01 18:17:14 +02:00
devtmpfs.c devtmpfs: fix the dangling pointer of global devtmpfsd thread 2022-06-27 16:41:13 +02:00
driver.c driver core: fix driver_set_override() issue with empty strings 2022-09-05 13:01:34 +02:00
firmware.c
hypervisor.c
init.c init: Initialize noop_backing_dev_info early 2022-06-16 10:55:57 +02:00
isa.c bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
Kconfig devtmpfs: mount with noexec and nosuid 2021-12-30 13:54:42 +01:00
Makefile driver core: Add sysfs support for physical location of a device 2022-04-27 09:51:57 +02:00
map.c driver: base: Prefer unsigned int to bare use of unsigned 2021-07-21 17:30:09 +02:00
memory.c mm: kill is_memblock_offlined() 2022-09-11 20:26:04 -07:00
module.c
node.c - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
physical_location.c driver core: location: Add "back" as a possible output for panel 2022-05-19 19:28:32 +02:00
physical_location.h driver core: Add sysfs support for physical location of a device 2022-04-27 09:51:57 +02:00
pinctrl.c
platform-msi.c platform-msi: Export symbol platform_msi_create_irq_domain() 2022-09-28 14:21:05 +01:00
platform.c Driver core changes for 5.19-rc1 2022-06-03 11:48:47 -07:00
property.c device property: Constify parameter in device_dma_supported() and device_get_dma_attr() 2022-10-22 13:49:55 +02:00
soc.c base: soc: Make soc_device_match() simpler and easier to read 2022-03-18 14:28:07 +01:00
swnode.c software node: fix wrong node passed to find nargs_prop 2021-12-22 18:26:18 +01:00
syscore.c
topology.c drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist 2022-07-15 17:36:33 +02:00
trace.c devres: Enable trace events 2021-06-15 17:14:36 +02:00
trace.h devres: Enable trace events 2021-06-15 17:14:36 +02:00
transport_class.c