firmware: Fix a reference count leak.
authorQiushi Wu <wu000273@umn.edu>
Sat, 13 Jun 2020 19:05:33 +0000 (14:05 -0500)
committerMichael S. Tsirkin <mst@redhat.com>
Wed, 29 Jul 2020 17:13:50 +0000 (13:13 -0400)
kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Callback function fw_cfg_sysfs_release_entry() in kobject_put()
can handle the pointer "entry" properly.

Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Link: https://lore.kernel.org/r/20200613190533.15712-1-wu000273@umn.edu
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
drivers/firmware/qemu_fw_cfg.c

index 039e0f91dba8f5229da95bbaf6fcc9fc55349d27..6945c3c966375a2a7c96991d3094fad5dfd194c7 100644 (file)
@@ -605,8 +605,10 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f)
        /* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */
        err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype,
                                   fw_cfg_sel_ko, "%d", entry->select);
-       if (err)
-               goto err_register;
+       if (err) {
+               kobject_put(&entry->kobj);
+               return err;
+       }
 
        /* add raw binary content access */
        err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw);
@@ -622,7 +624,6 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f)
 
 err_add_raw:
        kobject_del(&entry->kobj);
-err_register:
        kfree(entry);
        return err;
 }