Re: [RESEND PATCH] memstick: fix memory leak if card device is never registered

From: Ulf Hansson
Date: Tue Apr 04 2023 - 07:55:23 EST


On Sat, 1 Apr 2023 at 22:03, Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> When calling dev_set_name() memory is allocated for the name for the
> struct device. Once that structure device is registered, or attempted
> to be registered, with the driver core, the driver core will handle
> cleaning up that memory when the device is removed from the system.
>
> Unfortunately for the memstick code, there is an error path that causes
> the struct device to never be registered, and so the memory allocated in
> dev_set_name will be leaked. Fix that leak by manually freeing it right
> before the memory for the device is freed.
>
> Cc: Maxim Levitsky <maximlevitsky@xxxxxxxxx>
> Cc: Alex Dubov <oakad@xxxxxxxxx>
> Cc: Ulf Hansson <ulf.hansson@xxxxxxxxxx>
> Cc: "Rafael J. Wysocki" <rafael@xxxxxxxxxx>
> Cc: Hans de Goede <hdegoede@xxxxxxxxxx>
> Cc: Kay Sievers <kay.sievers@xxxxxxxx>
> Cc: linux-mmc@xxxxxxxxxxxxxxx
> Fixes: 0252c3b4f018 ("memstick: struct device - replace bus_id with dev_name(),
> Cc: stable <stable@xxxxxxxxxx>
> Co-developed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Co-developed-by: Mirsad Goran Todorovac <mirsad.todorovac@xxxxxxxxxxxx>

Applied for fixes and by adding Mirsad's sob tag (according to the
other thread [1]), thanks!

Kind regards
Uffe

[1]
https://lore.kernel.org/lkml/c059f486-98a6-aecd-c135-c033612e6b4f@xxxxxxxxxxxx/


> ---
> RESEND as the first version had a corrupted message id and never made it
> to the mailing lists or lore.kernel.org
>
> drivers/memstick/core/memstick.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
> index bf7667845459..bbfaf6536903 100644
> --- a/drivers/memstick/core/memstick.c
> +++ b/drivers/memstick/core/memstick.c
> @@ -410,6 +410,7 @@ static struct memstick_dev *memstick_alloc_card(struct memstick_host *host)
> return card;
> err_out:
> host->card = old_card;
> + kfree_const(card->dev.kobj.name);
> kfree(card);
> return NULL;
> }
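
Review bot: The new kfree_const(card->dev.kobj.name) at err_out reaches directly into the kobject's name field with no comment explaining why the driver has to free it here. A one-line comment above it, stating that the device was never registered and so the driver core will not release the name, would keep a later cleanup from removing the line as an apparent layering violation. It would also help to state that the call must stay before kfree(card), since the name pointer lives inside the structure being freed.
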
> @@ -468,8 +469,10 @@ static void memstick_check(struct work_struct *work)
> put_device(&card->dev);
> host->card = NULL;
> }
> - } else
> + } else {
> + kfree_const(card->dev.kobj.name);
> kfree(card);
> + }
> }
>
> out_power_off:
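
Review bot: The else branch in memstick_check() now repeats the same kfree_const(card->dev.kobj.name); kfree(card); pair that the first hunk adds at err_out in memstick_alloc_card(). Consider factoring the pair into one small static helper used by both sites so the two free paths cannot drift apart. The sibling branch releases the card with put_device(&card->dev), so a short comment noting that this branch is the never-registered case would make the asymmetry between the two branches clear.
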
> --
> 2.40.0
>