diff mbox series

scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()

Message ID 20221112131010.3757845-1-yangyingliang@huawei.com (mailing list archive)
State Accepted
Headers show
Series scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper() | expand

Commit Message

Yang Yingliang Nov. 12, 2022, 1:10 p.m. UTC
Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
it needs be freed, when device_register() returns error.

As comment of device_register() says, it should use put_device()
to give up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(), and
sdbg_host is freed in sdebug_release_adapter().

When the device release is not set, it means the device is not
initialized, we can not call put_device(), in this case, use
kfree() to free memory.

Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/scsi/scsi_debug.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Martin K. Petersen Nov. 26, 2022, 12:20 a.m. UTC | #1
Yang,

> Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
> bus_id string array"), the name of device is allocated dynamically,
> it needs be freed, when device_register() returns error.

Applied to 6.2/scsi-staging, thanks!
Martin K. Petersen Dec. 1, 2022, 3:45 a.m. UTC | #2
On Sat, 12 Nov 2022 21:10:10 +0800, Yang Yingliang wrote:

> Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
> bus_id string array"), the name of device is allocated dynamically,
> it needs be freed, when device_register() returns error.
> 
> As comment of device_register() says, it should use put_device()
> to give up the reference in the error path. So fix this by calling
> put_device(), then the name can be freed in kobject_cleanup(), and
> sdbg_host is freed in sdebug_release_adapter().
> 
> [...]

Applied to 6.2/scsi-queue, thanks!

[1/1] scsi: scsi_debug: fix possible name leak in sdebug_add_host_helper()
      https://git.kernel.org/mkp/scsi/c/e6d773f93a49
diff mbox series

Patch

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 697fc57bc711..104888bed801 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -7329,7 +7329,10 @@  static int sdebug_add_host_helper(int per_host_idx)
 		kfree(sdbg_devinfo->zstate);
 		kfree(sdbg_devinfo);
 	}
-	kfree(sdbg_host);
+	if (sdbg_host->dev.release)
+		put_device(&sdbg_host->dev);
+	else
+		kfree(sdbg_host);
 	pr_warn("%s: failed, errno=%d\n", __func__, -error);
 	return error;
 }