From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3EE87C4332F for ; Sun, 12 Nov 2023 13:23:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231437AbjKLNXg (ORCPT ); Sun, 12 Nov 2023 08:23:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57692 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231426AbjKLNXe (ORCPT ); Sun, 12 Nov 2023 08:23:34 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D2352688; Sun, 12 Nov 2023 05:23:31 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AE1C0C433C8; Sun, 12 Nov 2023 13:23:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1699795410; bh=oeQxXzipiKTrROomkSKOQfIMKX4g0TrcGNCoYvYYMb8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VccTdtBM1VDyq8QmWbilyOImeFI7q+beZKk5+2kZnFUpDdDvBe2yyyhlYaoPIlQ2u NCLvPq6nK3sglfqZPMombYLNdyftkNfa3GhNqMWYFWf7xsjiVa4kLy5y7OyPMAPGt3 VLOL7hMqim7bqLFK92wuNSNtfLaSJyZGO9XhgZKHFU56WyH4wd38unpy3Uyik4Ycdo aJb6DlCt5fu4X2Dy4CK/N4XiuwqQjUOAdyaIMR/4mKgCm+eGJeqxlw+FESsESdiDhG gyEpdp7CiSGi4S2JucuoX5AEJ/lok37Fw2I/0T8YVpNDIP6bZ7T1PzPdNZapqWwurh 6zKgRgTTMCbJg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Wolfram Sang , Yang Yingliang , Wolfram Sang , Sasha Levin , linux-i2c@vger.kernel.org Subject: [PATCH AUTOSEL 6.6 3/7] i2c: fix memleak in i2c_new_client_device() Date: Sun, 12 Nov 2023 08:23:12 -0500 Message-ID: <20231112132323.174148-3-sashal@kernel.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231112132323.174148-1-sashal@kernel.org> References: <20231112132323.174148-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.6.1 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wolfram Sang [ Upstream commit 6af79f7fe748fe6a3c5c3a63d7f35981a82c2769 ] Yang Yingliang reported a memleak: === I got memory leak as follows when doing fault injection test: unreferenced object 0xffff888014aec078 (size 8): comm "xrun", pid 356, jiffies 4294910619 (age 16.332s) hex dump (first 8 bytes): 31 2d 30 30 31 63 00 00 1-001c.. backtrace: [<00000000eb56c0a9>] __kmalloc_track_caller+0x1a6/0x300 [<000000000b220ea3>] kvasprintf+0xad/0x140 [<00000000b83203e5>] kvasprintf_const+0x62/0x190 [<000000002a5eab37>] kobject_set_name_vargs+0x56/0x140 [<00000000300ac279>] dev_set_name+0xb0/0xe0 [<00000000b66ebd6f>] i2c_new_client_device+0x7e4/0x9a0 If device_register() returns error in i2c_new_client_device(), the name allocated by i2c_dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. === I think this solution is less intrusive and more robust than he originally proposed solutions, though. Reported-by: Yang Yingliang Closes: http://patchwork.ozlabs.org/project/linux-i2c/patch/20221124085448.3620240-1-yangyingliang@huawei.com/ Signed-off-by: Wolfram Sang Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin --- drivers/i2c/i2c-core-base.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c index 60746652fd525..7f30bcceebaed 100644 --- a/drivers/i2c/i2c-core-base.c +++ b/drivers/i2c/i2c-core-base.c @@ -931,8 +931,9 @@ int i2c_dev_irq_from_resources(const struct resource *resources, struct i2c_client * i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *info) { - struct i2c_client *client; - int status; + struct i2c_client *client; + bool need_put = false; + int status; client = kzalloc(sizeof *client, GFP_KERNEL); if (!client) @@ -970,7 +971,6 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf client->dev.fwnode = info->fwnode; device_enable_async_suspend(&client->dev); - i2c_dev_set_name(adap, client, info); if (info->swnode) { status = device_add_software_node(&client->dev, info->swnode); @@ -982,6 +982,7 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf } } + i2c_dev_set_name(adap, client, info); status = device_register(&client->dev); if (status) goto out_remove_swnode; @@ -993,6 +994,7 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf out_remove_swnode: device_remove_software_node(&client->dev); + need_put = true; out_err_put_of_node: of_node_put(info->of_node); out_err: @@ -1000,7 +1002,10 @@ i2c_new_client_device(struct i2c_adapter *adap, struct i2c_board_info const *inf "Failed to register i2c client %s at 0x%02x (%d)\n", client->name, client->addr, status); out_err_silent: - kfree(client); + if (need_put) + put_device(&client->dev); + else + kfree(client); return ERR_PTR(status); } EXPORT_SYMBOL_GPL(i2c_new_client_device); -- 2.42.0