Re: [PATCH 4.19 25/48] firmware: Fix a reference count leak.
From: Pavel Machek
Date: Mon Aug 10 2020 - 12:41:59 EST
Hi!
> From: Qiushi Wu <wu000273@xxxxxxx>
>
> [ Upstream commit fe3c60684377d5ad9b0569b87ed3e26e12c8173b ]
>
> kobject_init_and_add() takes reference even when it fails.
> If this function returns an error, kobject_put() must be called to
> properly clean up the memory associated with the object.
> Callback function fw_cfg_sysfs_release_entry() in kobject_put()
> can handle the pointer "entry" properly.
Okay, but... does that mean err_add_raw: should be using
kobject_put(), too (w/o the kfree)? It is strange to have different
error handling for different error paths.
Best regards,
Pavel
> +++ b/drivers/firmware/qemu_fw_cfg.c
> @@ -605,8 +605,10 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f)
> /* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */
> err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype,
> fw_cfg_sel_ko, "%d", entry->select);
> - if (err)
> - goto err_register;
> + if (err) {
> + kobject_put(&entry->kobj);
> + return err;
> + }
>
> /* add raw binary content access */
> err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw);
> @@ -622,7 +624,6 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f)
>
> err_add_raw:
> kobject_del(&entry->kobj);
> -err_register:
> kfree(entry);
> return err;
> }
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Attachment:
signature.asc
Description: Digital signature