From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Wolfram Sang <wsa+renesas@sang-engineering.com>,
Yang Yingliang <yangyingliang@huawei.com>,
Wolfram Sang <wsa@kernel.org>, Sasha Levin <sashal@kernel.org>,
linux-i2c@vger.kernel.org
Subject: [PATCH AUTOSEL 6.5 3/7] i2c: fix memleak in i2c_new_client_device()
Date: Sun, 12 Nov 2023 08:23:35 -0500 [thread overview]
Message-ID: <20231112132347.174334-3-sashal@kernel.org> (raw)
In-Reply-To: <20231112132347.174334-1-sashal@kernel.org>
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 6af79f7fe748fe6a3c5c3a63d7f35981a82c2769 ]
Yang Yingliang reported a memleak:
===
I got memory leak as follows when doing fault injection test:
unreferenced object 0xffff888014aec078 (size 8):
comm "xrun", pid 356, jiffies 4294910619 (age 16.332s)
hex dump (first 8 bytes):
31 2d 30 30 31 63 00 00 1-001c..
backtrace:
[<00000000eb56c0a9>] __kmalloc_track_caller+0x1a6/0x300
[<000000000b220ea3>] kvasprintf+0xad/0x140
[<00000000b83203e5>] kvasprintf_const+0x62/0x190
[<000000002a5eab37>] kobject_set_name_vargs+0x56/0x140
[<00000000300ac279>] dev_set_name+0xb0/0xe0
[<00000000b66ebd6f>] i2c_new_client_device+0x7e4/0x9a0
If device_register() returns error in i2c_new_client_device(),
the name allocated by i2c_dev_set_name() need be freed. As
comment of device_register() says, it should use put_device()
to give up the reference in the error path.
===
I think this solution is less intrusive and more robust than he
originally proposed solutions, though.
Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Closes: http://patchwork.ozlabs.org/project/linux-i2c/patch/20221124085448.3620240-1-yangyingliang@huawei.com/
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/i2c-core-base.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c
index 60746652fd525..7f30bcceebaed 100644
--- a/drivers/i2c/i2c-core-base.c
+++ b/drivers/i2c/i2c-core-base.c
@@ -931,8 +931,9 @@ int i2c_dev_irq_from_resources(const struct resource *resources,
struct i2c_client *
i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *info)
{
- struct i2c_client *client;
- int status;
+ struct i2c_client *client;
+ bool need_put = false;
+ int status;
client = kzalloc(sizeof *client, GFP_KERNEL);
if (!client)
@@ -970,7 +971,6 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf
client->dev.fwnode = info->fwnode;
device_enable_async_suspend(&client->dev);
- i2c_dev_set_name(adap, client, info);
if (info->swnode) {
status = device_add_software_node(&client->dev, info->swnode);
@@ -982,6 +982,7 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf
}
}
+ i2c_dev_set_name(adap, client, info);
status = device_register(&client->dev);
if (status)
goto out_remove_swnode;
@@ -993,6 +994,7 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf
out_remove_swnode:
device_remove_software_node(&client->dev);
+ need_put = true;
out_err_put_of_node:
of_node_put(info->of_node);
out_err:
@@ -1000,7 +1002,10 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf
"Failed to register i2c client %s at 0x%02x (%d)\n",
client->name, client->addr, status);
out_err_silent:
- kfree(client);
+ if (need_put)
+ put_device(&client->dev);
+ else
+ kfree(client);
return ERR_PTR(status);
}
EXPORT_SYMBOL_GPL(i2c_new_client_device);
--
2.42.0
next prev parent reply other threads:[~2023-11-12 13:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-12 13:23 [PATCH AUTOSEL 6.5 1/7] i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Sasha Levin
2023-11-12 13:23 ` Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 2/7] i2c: i801: Add support for Intel Birch Stream SoC Sasha Levin
2023-11-12 13:23 ` Sasha Levin [this message]
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 4/7] i2c: sun6i-p2wi: Prevent potential division by zero Sasha Levin
2023-11-12 13:23 ` Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 5/7] virtio-blk: fix implicit overflow on virtio_max_dma_size Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 6/7] vhost-vdpa: clean iotlb map during reset for older userspace Sasha Levin
2023-11-12 13:23 ` [PATCH AUTOSEL 6.5 7/7] i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data Sasha Levin
2023-11-12 13:23 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231112132347.174334-3-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=linux-i2c@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=wsa+renesas@sang-engineering.com \
--cc=wsa@kernel.org \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.