linux/drivers/firewire
Yang Yingliang 4438293822 firewire: core: fix possible memory leak in create_units()
commit 891e0eab32 upstream.

If device_register() fails, the refcount of device is not 0, the name
allocated in dev_set_name() is leaked. To fix this by calling put_device(),
so that it will be freed in callback function kobject_cleanup().

unreferenced object 0xffff9d99035c7a90 (size 8):
  comm "systemd-udevd", pid 168, jiffies 4294672386 (age 152.089s)
  hex dump (first 8 bytes):
    66 77 30 2e 30 00 ff ff                          fw0.0...
  backtrace:
    [<00000000e1d62bac>] __kmem_cache_alloc_node+0x1e9/0x360
    [<00000000bbeaff31>] __kmalloc_node_track_caller+0x44/0x1a0
    [<00000000491f2fb4>] kvasprintf+0x67/0xd0
    [<000000005b960ddc>] kobject_set_name_vargs+0x1e/0x90
    [<00000000427ac591>] dev_set_name+0x4e/0x70
    [<000000003b4e447d>] create_units+0xc5/0x110

fw_unit_release() will be called in the error path, move fw_device_get()
before calling device_register() to keep balanced with fw_device_put() in
fw_unit_release().

Cc: stable@vger.kernel.org
Fixes: 1fa5ae857b ("driver core: get rid of struct device's bus_id string array")
Fixes: a1f64819fe ("firewire: struct device - replace bus_id with dev_name(), dev_set_name()")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-12-08 08:48:00 +01:00
..
core-card.c firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:30:05 +02:00
core-cdev.c firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region 2023-02-09 11:26:32 +01:00
core-device.c firewire: core: fix possible memory leak in create_units() 2023-12-08 08:48:00 +01:00
core-iso.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
core-topology.c firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:30:05 +02:00
core-transaction.c firewire: remove check of list iterator against head past the loop body 2022-05-12 12:30:05 +02:00
core.h firewire: ohci: Replace zero-length array with flexible-array 2020-06-15 23:08:31 -05:00
init_ohci1394_dma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net.c firewire: net: fix use after free in fwnet_finish_incoming_packet() 2023-08-26 14:23:24 +02:00
nosy-user.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nosy.c firewire: nosy: switch from 'pci_' to 'dma_' API 2021-07-05 22:23:15 +02:00
nosy.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ohci.c firewire: ohci: Use tasklet_disable_in_atomic() where required 2021-03-17 16:34:05 +01:00
ohci.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sbp2.c firewire: remove check of list iterator against head past the loop body 2022-05-12 12:30:05 +02:00