Re: [PATCH RESEND] i2c: core: Fix possible memleak in i2c_register_adapter()

[Wolfram Sang]

On Thu, Sep 28, 2023 at 09:27:09AM +0800, Li Zetao wrote:
> There is a memory leak reported by kmemleak:
> 
> unreferenced object 0xffff88818be6dcb8 (size 8):
>   comm "modprobe", pid 1022129, jiffies 4363911608 (age 43.838s)
>     hex dump (first 8 bytes):
>       69 32 63 2d 30 00 6b a5                          i2c-0.k.
>     backtrace:
>       [<ffffffff812f588f>] __kmem_cache_alloc_node+0x2cf/0x4b0
>       [<ffffffff81283c43>] __kmalloc_node_track_caller+0x53/0x140
>       [<ffffffff81604b0a>] kvasprintf+0x6a/0xd0
>       [<ffffffff81604be7>] kvasprintf_const+0x77/0xa0
>       [<ffffffff81a00173>] kobject_set_name_vargs+0x23/0x90
>       [<ffffffff817bf743>] dev_set_name+0x53/0x70
>       [<ffffffffa023ebb2>] i2c_register_adapter+0x112/0x6c0 [i2c_core]
>       [<ffffffffa023f268>] i2c_add_adapter+0x78/0xc0 [i2c_core]
>       [<ffffffffa0300182>] piix4_add_adapter+0x132/0x210 [i2c_piix4]
>       [<ffffffffa0300535>] piix4_probe+0x2d5/0x5f4 [i2c_piix4]
>       ...
> 
> The root cause was traced to an error handing path in
> i2c_register_adapter() when device_register() fails. After
> calling dev_set_name() which called by i2c_register_adapter(),
> the put_device() should be used to give up the device reference
> in error handling path in order to free "kobj->name" alloced
> in dev_set_name().
> 
> Fix it by calling put_device() when device_register() fails in
> i2c_register_adapter(). In addition, when i2c_adapter device
> is released, i2c_adapter_dev_release() is called, in which
> "dev_released" must be initialized, otherwise a kernel bug
> will be triggered.
> 
> Fixes: b119c6c952a0 ("i2c: __must_check fixes (core drivers)")
> Signed-off-by: Li Zetao <lizetao1@xxxxxxxxxx>

Applied to for-next, thanks!

Attachment: signature.asc
Description: PGP signature