projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 57a6683)
staging: gasket: Fix mapping refcnt leak when register/store fails
authorXiyu Yang <xiyuyang19@fudan.edu.cn>
Thu, 23 Apr 2020 05:15:40 +0000 (13:15 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Apr 2020 11:37:25 +0000 (13:37 +0200)
gasket_sysfs_register_store() invokes get_mapping(), which returns a
reference of the specified gasket_sysfs_mapping object to "mapping" with
increased refcnt.

When gasket_sysfs_register_store() returns, local variable "mapping"
becomes invalid, so the refcount should be decreased to keep refcount
balanced.

The reference counting issue happens in one exception handling path of
gasket_sysfs_register_store(). When gasket_dev is NULL, the function
forgets to decrease the refcnt increased by get_mapping(), causing a
refcnt leak.

Fix this issue by calling put_mapping() when gasket_dev is NULL.

Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Link: https://lore.kernel.org/r/1587618941-13718-1-git-send-email-xiyuyang19@fudan.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/gasket/gasket_sysfs.c patch | blob | history

diff --git a/drivers/staging/gasket/gasket_sysfs.c b/drivers/staging/gasket/gasket_sysfs.c
index f24edc3..b4aa8c2 100644 (file)
--- a/drivers/staging/gasket/gasket_sysfs.c
+++ b/drivers/staging/gasket/gasket_sysfs.c
@@ -374,6 +374,7 @@ ssize_t gasket_sysfs_register_store(struct device *device,
        gasket_dev = mapping->gasket_dev;
        if (!gasket_dev) {
                dev_err(device, "Device driver may have been removed\n");
+               put_mapping(mapping);
                return 0;
        }
 
Domain: System / Kernel;