From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Yang Yingliang <yangyingliang@huawei.com>,
Ulf Hansson <ulf.hansson@linaro.org>
Subject: [PATCH 5.15 44/83] mmc: sdio: fix possible resource leaks in some error paths
Date: Mon, 20 Feb 2023 14:36:17 +0100 [thread overview]
Message-ID: <20230220133555.212775847@linuxfoundation.org> (raw)
In-Reply-To: <20230220133553.669025851@linuxfoundation.org>
From: Yang Yingliang <yangyingliang@huawei.com>
commit 605d9fb9556f8f5fb4566f4df1480f280f308ded upstream.
If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can
not release the resources, because the sdio function is not presented
in these two cases, it won't call of_node_put() or put_device().
To fix these leaks, make sdio_func_present() only control whether
device_del() needs to be called or not, then always call of_node_put()
and put_device().
In error case in sdio_init_func(), the reference of 'card->dev' is
not get, to avoid redundant put in sdio_free_func_cis(), move the
get_device() to sdio_alloc_func() and put_device() to sdio_release_func(),
it can keep the get/put function be balanced.
Without this patch, while doing fault inject test, it can get the
following leak reports, after this fix, the leak is gone.
unreferenced object 0xffff888112514000 (size 2048):
comm "kworker/3:2", pid 65, jiffies 4294741614 (age 124.774s)
hex dump (first 32 bytes):
00 e0 6f 12 81 88 ff ff 60 58 8d 06 81 88 ff ff ..o.....`X......
10 40 51 12 81 88 ff ff 10 40 51 12 81 88 ff ff .@Q......@Q.....
backtrace:
[<000000009e5931da>] kmalloc_trace+0x21/0x110
[<000000002f839ccb>] mmc_alloc_card+0x38/0xb0 [mmc_core]
[<0000000004adcbf6>] mmc_sdio_init_card+0xde/0x170 [mmc_core]
[<000000007538fea0>] mmc_attach_sdio+0xcb/0x1b0 [mmc_core]
[<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]
unreferenced object 0xffff888112511000 (size 2048):
comm "kworker/3:2", pid 65, jiffies 4294741623 (age 124.766s)
hex dump (first 32 bytes):
00 40 51 12 81 88 ff ff e0 58 8d 06 81 88 ff ff .@Q......X......
10 10 51 12 81 88 ff ff 10 10 51 12 81 88 ff ff ..Q.......Q.....
backtrace:
[<000000009e5931da>] kmalloc_trace+0x21/0x110
[<00000000fcbe706c>] sdio_alloc_func+0x35/0x100 [mmc_core]
[<00000000c68f4b50>] mmc_attach_sdio.cold.18+0xb1/0x395 [mmc_core]
[<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]
Fixes: 3d10a1ba0d37 ("sdio: fix reference counting in sdio_remove_func()")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230130125808.3471254-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/sdio_bus.c | 17 ++++++++++++++---
drivers/mmc/core/sdio_cis.c | 12 ------------
2 files changed, 14 insertions(+), 15 deletions(-)
--- a/drivers/mmc/core/sdio_bus.c
+++ b/drivers/mmc/core/sdio_bus.c
@@ -293,6 +293,12 @@ static void sdio_release_func(struct dev
if (!(func->card->quirks & MMC_QUIRK_NONSTD_SDIO))
sdio_free_func_cis(func);
+ /*
+ * We have now removed the link to the tuples in the
+ * card structure, so remove the reference.
+ */
+ put_device(&func->card->dev);
+
kfree(func->info);
kfree(func->tmpbuf);
kfree(func);
@@ -323,6 +329,12 @@ struct sdio_func *sdio_alloc_func(struct
device_initialize(&func->dev);
+ /*
+ * We may link to tuples in the card structure,
+ * we need make sure we have a reference to it.
+ */
+ get_device(&func->card->dev);
+
func->dev.parent = &card->dev;
func->dev.bus = &sdio_bus_type;
func->dev.release = sdio_release_func;
@@ -376,10 +388,9 @@ int sdio_add_func(struct sdio_func *func
*/
void sdio_remove_func(struct sdio_func *func)
{
- if (!sdio_func_present(func))
- return;
+ if (sdio_func_present(func))
+ device_del(&func->dev);
- device_del(&func->dev);
of_node_put(func->dev.of_node);
put_device(&func->dev);
}
--- a/drivers/mmc/core/sdio_cis.c
+++ b/drivers/mmc/core/sdio_cis.c
@@ -404,12 +404,6 @@ int sdio_read_func_cis(struct sdio_func
return ret;
/*
- * Since we've linked to tuples in the card structure,
- * we must make sure we have a reference to it.
- */
- get_device(&func->card->dev);
-
- /*
* Vendor/device id is optional for function CIS, so
* copy it from the card structure as needed.
*/
@@ -434,11 +428,5 @@ void sdio_free_func_cis(struct sdio_func
}
func->tuples = NULL;
-
- /*
- * We have now removed the link to the tuples in the
- * card structure, so remove the reference.
- */
- put_device(&func->card->dev);
}
next prev parent reply other threads:[~2023-02-20 13:52 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-20 13:35 [PATCH 5.15 00/83] 5.15.95-rc1 review Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 01/83] mptcp: fix locking for in-kernel listener creation Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 02/83] kprobes: treewide: Cleanup the error messages for kprobes Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 03/83] riscv: kprobe: Fixup misaligned load text Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 04/83] ACPI / x86: Add support for LPS0 callback handler Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 05/83] ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 06/83] ASoC: Intel: sof_cs42l42: " Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 07/83] selftests/bpf: Verify copy_register_state() preserves parent/live fields Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 08/83] ALSA: hda: Do not unset preset when cleaning up codec Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 09/83] bpf, sockmap: Dont let sock_map_{close,destroy,unhash} call itself Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 10/83] ASoC: cs42l56: fix DT probe Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 11/83] tools/virtio: fix the vringh test for virtio ring changes Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 12/83] net/rose: Fix to not accept on connected socket Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 13/83] net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 14/83] drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 15/83] net: sched: sch: Bounds check priority Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 16/83] s390/decompressor: specify __decompress() buf len to avoid overflow Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 17/83] nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 18/83] drm/amd/display: Properly handle additional cases where DCN is not supported Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 19/83] platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 20/83] nvmem: core: add error handling for dev_set_name Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 21/83] nvmem: core: fix cleanup after dev_set_name() Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 22/83] nvmem: core: fix registration vs use race Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 23/83] nvmem: core: fix return value Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 24/83] xfs: zero inode fork buffer at allocation Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 25/83] xfs: fix potential log item leak Greg Kroah-Hartman
2023-02-20 13:35 ` [PATCH 5.15 26/83] xfs: detect self referencing btree sibling pointers Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 27/83] xfs: set XFS_FEAT_NLINK correctly Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 28/83] xfs: validate v5 feature fields Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 29/83] xfs: avoid unnecessary runtime sibling pointer endian conversions Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 30/83] xfs: dont assert fail on perag references on teardown Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 31/83] xfs: assert in xfs_btree_del_cursor should take into account error Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 32/83] xfs: purge dquots after inode walk fails during quotacheck Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 33/83] xfs: dont leak btree cursor when insrec fails after a split Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 34/83] mptcp: do not wait for bare sockets timeout Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 35/83] aio: fix mremap after fork null-deref Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 36/83] drm/amd/display: Fail atomic_check early on normalize_zpos error Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 37/83] platform/x86: amd-pmc: Export Idlemask values based on the APU Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 38/83] platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 39/83] platform/x86: amd-pmc: Correct usage of SMU version Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 40/83] platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 41/83] netfilter: nft_tproxy: restrict to prerouting hook Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 42/83] tcp: Fix listen() regression in 5.15.88 Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 43/83] mmc: jz4740: Work around bug on JZ4760(B) Greg Kroah-Hartman
2023-02-20 13:36 ` Greg Kroah-Hartman [this message]
2023-02-20 13:36 ` [PATCH 5.15 45/83] mmc: mmc_spi: fix error handling in mmc_spi_probe() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 46/83] ALSA: hda/conexant: add a new hda codec SN6180 Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 47/83] ALSA: hda/realtek - fixed wrong gpio assigned Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 48/83] sched/psi: Fix use-after-free in ep_remove_wait_queue() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 49/83] hugetlb: check for undefined shift on 32 bit architectures Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 50/83] of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 51/83] selftest/lkdtm: Skip stack-entropy test if lkdtm is not available Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 52/83] Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 53/83] net: Fix unwanted sign extension in netdev_stats_to_stats64() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 54/83] revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 55/83] ixgbe: allow to increase MTU to 3K with XDP enabled Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 56/83] i40e: add double of VLAN header when computing the max MTU Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 57/83] net: bgmac: fix BCM5358 support by setting correct flags Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 58/83] net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 59/83] sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 60/83] net/sched: tcindex: update imperfect hash filters respecting rcu Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 61/83] dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 62/83] net/usb: kalmia: Dont pass act_len in usb_bulk_msg error path Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 63/83] net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 64/83] net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 65/83] bnxt_en: Fix mqprio and XDP ring checking logic Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 66/83] net: stmmac: Restrict warning on disabling DMA store and fwd mode Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 67/83] net: mpls: fix stale pointer if allocation fails during device rename Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 68/83] ixgbe: add double of VLAN header when computing the max MTU Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 69/83] ipv6: Fix datagram socket connection with DSCP Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 70/83] ipv6: Fix tcp " Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 71/83] nilfs2: fix underflow in second superblock position calculations Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 72/83] mm/filemap: fix page end in filemap_get_read_batch Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 73/83] drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 74/83] drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 75/83] flow_offload: fill flags to action structure Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 76/83] net/sched: act_ctinfo: use percpu stats Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 77/83] i40e: Add checking for null for nlmsg_find_attr() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 78/83] net/sched: tcindex: search key must be 16 bits Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 79/83] kvm: initialize all of the kvm_debugregs structure before sending it to userspace Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 80/83] alarmtimer: Prevent starvation by small intervals and SIG_IGN Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 81/83] ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 82/83] net: sched: sch: Fix off by one in htb_activate_prios() Greg Kroah-Hartman
2023-02-20 13:36 ` [PATCH 5.15 83/83] platform/x86/amd: pmc: add CONFIG_SERIO dependency Greg Kroah-Hartman
2023-02-21 4:10 ` [PATCH 5.15 00/83] 5.15.95-rc1 review Bagas Sanjaya
2023-02-21 7:09 ` Naresh Kamboju
2023-02-21 12:04 ` Ron Economos
2023-02-21 14:57 ` Sudip Mukherjee (Codethink)
2023-02-21 16:21 ` Guenter Roeck
2023-02-21 20:10 ` Florian Fainelli
2023-02-21 23:48 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230220133555.212775847@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=ulf.hansson@linaro.org \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).