| Message ID | 20200528020109.31664-1-wu000273@umn.edu (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | vfio/mdev: Fix reference count leak in add_mdev_supported_type. | expand |
On Wed, 27 May 2020 21:01:09 -0500 wu000273@umn.edu wrote: > From: Qiushi Wu <wu000273@umn.edu> > > kobject_init_and_add() takes reference even when it fails. > If this function returns an error, kobject_put() must be called to > properly clean up the memory associated with the object. Thus, > replace kfree() by kobject_put() to fix this issue. Previous > commit "b8eb718348b8" fixed a similar problem. > > Fixes: 7b96953bc640 ("vfio: Mediated device Core driver") > Signed-off-by: Qiushi Wu <wu000273@umn.edu> > --- > drivers/vfio/mdev/mdev_sysfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Cornelia Huck <cohuck@redhat.com>
On 5/28/2020 12:32 PM, Cornelia Huck wrote: > On Wed, 27 May 2020 21:01:09 -0500 > wu000273@umn.edu wrote: > >> From: Qiushi Wu <wu000273@umn.edu> >> >> kobject_init_and_add() takes reference even when it fails. >> If this function returns an error, kobject_put() must be called to >> properly clean up the memory associated with the object. Thus, >> replace kfree() by kobject_put() to fix this issue. Previous >> commit "b8eb718348b8" fixed a similar problem. >> >> Fixes: 7b96953bc640 ("vfio: Mediated device Core driver") >> Signed-off-by: Qiushi Wu <wu000273@umn.edu> >> --- >> drivers/vfio/mdev/mdev_sysfs.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) > > Reviewed-by: Cornelia Huck <cohuck@redhat.com> > Thanks for fixing. Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com>
On Wed, 27 May 2020 21:01:09 -0500 wu000273@umn.edu wrote: > From: Qiushi Wu <wu000273@umn.edu> > > kobject_init_and_add() takes reference even when it fails. > If this function returns an error, kobject_put() must be called to > properly clean up the memory associated with the object. Thus, > replace kfree() by kobject_put() to fix this issue. Previous > commit "b8eb718348b8" fixed a similar problem. > > Fixes: 7b96953bc640 ("vfio: Mediated device Core driver") > Signed-off-by: Qiushi Wu <wu000273@umn.edu> > --- Applied to vfio next branch for v5.8 with Connie's and Kirti's reviews. Thanks, Alex > drivers/vfio/mdev/mdev_sysfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c > index 8ad14e5c02bf..917fd84c1c6f 100644 > --- a/drivers/vfio/mdev/mdev_sysfs.c > +++ b/drivers/vfio/mdev/mdev_sysfs.c > @@ -110,7 +110,7 @@ static struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent, > "%s-%s", dev_driver_string(parent->dev), > group->name); > if (ret) { > - kfree(type); > + kobject_put(&type->kobj); > return ERR_PTR(ret); > } >
diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c index 8ad14e5c02bf..917fd84c1c6f 100644 --- a/drivers/vfio/mdev/mdev_sysfs.c +++ b/drivers/vfio/mdev/mdev_sysfs.c @@ -110,7 +110,7 @@ static struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent, "%s-%s", dev_driver_string(parent->dev), group->name); if (ret) { - kfree(type); + kobject_put(&type->kobj); return ERR_PTR(ret); }