XOR/mint0x33
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mint0x33/drivers
History
Yang Yingliang 92ff03c256 mmc: sdio: fix possible resource leaks in some error paths 
commit 605d9fb9556f8f5fb4566f4df1480f280f308ded upstream.

If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can
not release the resources, because the sdio function is not presented
in these two cases, it won't call of_node_put() or put_device().

To fix these leaks, make sdio_func_present() only control whether
device_del() needs to be called or not, then always call of_node_put()
and put_device().

In error case in sdio_init_func(), the reference of 'card->dev' is
not get, to avoid redundant put in sdio_free_func_cis(), move the
get_device() to sdio_alloc_func() and put_device() to sdio_release_func(),
it can keep the get/put function be balanced.

Without this patch, while doing fault inject test, it can get the
following leak reports, after this fix, the leak is gone.

unreferenced object 0xffff888112514000 (size 2048):
  comm "kworker/3:2", pid 65, jiffies 4294741614 (age 124.774s)
  hex dump (first 32 bytes):
    00 e0 6f 12 81 88 ff ff 60 58 8d 06 81 88 ff ff  ..o.....`X......
    10 40 51 12 81 88 ff ff 10 40 51 12 81 88 ff ff  .@Q......@Q.....
  backtrace:
    [<000000009e5931da>] kmalloc_trace+0x21/0x110
    [<000000002f839ccb>] mmc_alloc_card+0x38/0xb0 [mmc_core]
    [<0000000004adcbf6>] mmc_sdio_init_card+0xde/0x170 [mmc_core]
    [<000000007538fea0>] mmc_attach_sdio+0xcb/0x1b0 [mmc_core]
    [<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]

unreferenced object 0xffff888112511000 (size 2048):
  comm "kworker/3:2", pid 65, jiffies 4294741623 (age 124.766s)
  hex dump (first 32 bytes):
    00 40 51 12 81 88 ff ff e0 58 8d 06 81 88 ff ff  .@Q......X......
    10 10 51 12 81 88 ff ff 10 10 51 12 81 88 ff ff  ..Q.......Q.....
  backtrace:
    [<000000009e5931da>] kmalloc_trace+0x21/0x110
    [<00000000fcbe706c>] sdio_alloc_func+0x35/0x100 [mmc_core]
    [<00000000c68f4b50>] mmc_attach_sdio.cold.18+0xb1/0x395 [mmc_core]
    [<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]

Fixes: 3d10a1ba0d ("sdio: fix reference counting in sdio_remove_func()")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230130125808.3471254-1-yangyingliang@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-02-22 12:46:05 +01:00
..
accessibility
acpi ACPICA: Fix error code path in acpi_ds_call_control_method() 2023-01-18 09:26:30 +01:00
amba
android binder: fix UAF of ref->proc caused by race condition 2022-09-15 12:23:50 +02:00
ata ata: pata_legacy: fix pdc20230_set_piomode() 2022-11-10 15:47:20 +01:00
atm atm: idt77252: fix use-after-free bugs caused by tst_timer 2022-08-25 11:11:33 +02:00
auxdisplay
base driver core: Fix bus_type.match() error handling in __driver_attach() 2023-01-18 09:26:42 +01:00
bcma
block drbd: use after free in drbd_create_device() 2022-11-25 17:36:50 +01:00
bluetooth Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() 2023-01-18 09:26:20 +01:00
bus bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() 2023-02-22 12:46:01 +01:00
cdrom
char tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak 2023-01-18 09:26:36 +01:00
clk clk: st: Fix memory leak in st_of_quadfs_setup() 2023-01-18 09:26:33 +01:00
clocksource clocksource/drivers/sp804: Avoid error on multiple instances 2022-06-14 16:54:00 +02:00
connector
cpufreq x86/devicetable: Move x86 specific macro out of generic code 2022-11-01 19:14:44 +01:00
cpuidle cpuidle: dt: Return the correct numbers of parsed idle states 2023-01-18 09:26:09 +01:00
crypto crypto: n2 - add missing hash statesize 2023-01-18 09:26:38 +01:00
dax
dca
devfreq
dio drivers: dio: fix possible memory leak in dio_init() 2023-01-18 09:26:22 +01:00
dma dmaengine: Fix double increment of client_count in dma_chan_get() 2023-02-06 07:46:30 +01:00
dma-buf
edac EDAC/device: Respect any driver-supplied workqueue polling value 2023-02-06 07:46:31 +01:00
eisa
extcon extcon: Modify extcon device to be created after driver data is set 2022-06-14 16:54:00 +02:00
firewire firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region 2023-02-22 12:46:01 +01:00
firmware efi: Accept version 2 of memory attributes table 2023-02-22 12:46:02 +01:00
fmc
fpga fpga: altera-pr-ip: fix unsigned comparison with less than zero 2022-08-25 11:11:21 +02:00
fsi fsi: core: Check error number after calling ida_simple_get 2022-10-26 13:17:06 +02:00
gpio gpio: amd8111: Fix PCI device reference count leak 2022-12-14 11:26:13 +01:00
gpu drm/radeon/dp: make radeon_dp_get_dp_link_config static 2023-02-06 07:46:33 +01:00
hid HID: betop: check shape of output reports 2023-02-06 07:46:30 +01:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2023-01-18 09:26:26 +01:00
hv Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region 2022-09-28 10:56:52 +02:00
hwmon hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() 2022-12-08 11:16:32 +01:00
hwspinlock
hwtracing intel_th: pci: Add Meteor Lake-P support 2022-08-25 11:11:29 +02:00
i2c i2c: ismt: Fix an out-of-bounds bug in ismt_access() 2023-01-18 09:26:25 +01:00
ide
idle entel_idle: Disable IBRS during long idle 2022-11-01 19:14:45 +01:00
iio iio:adc:twl6030: Enable measurements of VUSB, VBAT and others 2023-02-22 12:46:03 +01:00
infiniband IB/hfi1: Reserve user expected TIDs 2023-02-06 07:46:28 +01:00
input Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" 2023-02-06 07:46:32 +01:00
iommu iommu/amd: Fix ivrs_acpihid cmdline parsing code 2023-01-18 09:26:38 +01:00
ipack
irqchip irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() 2023-01-18 09:26:10 +01:00
isdn mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() 2023-01-18 09:26:28 +01:00
leds
lightnvm
macintosh macintosh/macio-adb: check the return value of ioremap() 2023-01-18 09:26:27 +01:00
mailbox mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg 2022-10-26 13:17:07 +02:00
mcb mcb: mcb-parse: fix error handing in chameleon_parse_gdd() 2023-01-18 09:26:24 +01:00
md dm cache: set needs_check flag after aborting metadata 2023-01-18 09:26:37 +01:00
media media: dvb-core: Fix UAF due to refcount races at releasing 2023-01-18 09:26:38 +01:00
memory memory: of: Fix refcount leak bug in of_get_ddr_timings() 2022-10-26 13:17:02 +02:00
memstick memstick/ms_block: Fix a memory leak 2022-08-25 11:11:21 +02:00
message
mfd mfd: sm501: Add check for platform_driver_register() 2022-10-26 13:17:06 +02:00
misc cxl: Fix refcount leak in cxl_calc_capp_routing 2023-01-18 09:26:27 +01:00
mmc mmc: sdio: fix possible resource leaks in some error paths 2023-02-22 12:46:05 +01:00
mtd mtd: maps: pxa2xx-flash: fix memory leak in probe 2023-01-18 09:26:14 +01:00
mux
net net: USB: Fix wrong-direction WARNING in plusb.c 2023-02-22 12:46:04 +01:00
nfc nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() 2023-01-18 09:26:43 +01:00
ntb
nubus
nvdimm nvdimm: Fix badblocks clear off-by-one error 2022-07-07 17:31:16 +02:00
nvme nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association 2023-02-22 12:46:05 +01:00
nvmem
of of: property: decrement node refcount in of_fwnode_get_reference_args() 2022-12-08 11:16:31 +01:00
oprofile
parisc parisc: led: Fix potential null-ptr-deref in start_task() 2023-01-18 09:26:38 +01:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-25 17:36:50 +01:00
pci PCI/sysfs: Fix double free in error path 2023-01-18 09:26:38 +01:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 16:53:55 +02:00
perf
phy phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() 2023-02-06 07:46:28 +01:00
pinctrl pinctrl: single: fix potential NULL dereference 2023-02-22 12:46:04 +01:00
platform platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe 2023-01-18 09:26:43 +01:00
pnp PNP: fix name memory leak in pnp_alloc_dev() 2023-01-18 09:26:10 +01:00
power power: supply: fix residue sysfs file in error handle route of __power_supply_register() 2023-01-18 09:26:26 +01:00
powercap powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue 2022-10-26 13:17:08 +02:00
pps
ps3
ptp
pwm pwm: lp3943: Fix duty calculation in case period was clamped 2022-06-14 16:53:56 +02:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2023-01-18 09:26:12 +01:00
ras
regulator regulator: da9211: Use irq handler when ready 2023-01-18 09:26:43 +01:00
remoteproc remoteproc: qcom: wcnss: Fix handling of IRQs 2022-08-25 11:11:24 +02:00
reset
rpmsg rpmsg: qcom: glink: replace strncpy() with strscpy_pad() 2022-10-26 13:16:53 +02:00
rtc rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() 2023-01-18 09:26:28 +01:00
s390 s390/lcs: Fix return type of lcs_start_xmit() 2023-01-18 09:26:31 +01:00
sbus
scsi scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress 2023-02-22 12:46:02 +01:00
sfi
sh
sn
soc ARM: ux500: do not directly dereference __iomem 2023-01-18 09:26:36 +01:00
spi spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run 2022-12-08 11:16:29 +01:00
spmi spmi: pmic-arb: correct duplicate APID to PPID mapping logic 2022-10-26 13:17:07 +02:00
ssb
staging comedi: adv_pci1760: Fix PWM instruction handling 2023-02-06 07:46:30 +01:00
target scsi: target: core: Fix warning on RT kernels 2023-02-22 12:46:01 +01:00
tc
tee
thermal thermal: intel_powerclamp: Use first online CPU as control_cpu 2022-10-26 13:17:14 +02:00
thunderbolt thunderbolt: Use the actual buffer in tb_async_error() 2022-09-15 12:23:50 +02:00
tty serial: 8250_dma: Fix DMA Rx rearm race 2023-02-22 12:46:03 +01:00
uio uio: uio_dmem_genirq: Fix deadlock between irq config and handling 2023-01-18 09:26:23 +01:00
usb usb: core: add quirk for Alcor Link AK9563 smartcard reader 2023-02-22 12:46:04 +01:00
uwb
vfio vfio: platform: Do not pass return buffer to ACPI _RST method 2023-01-18 09:26:23 +01:00
vhost vhost/vsock: Use kvmalloc/kvfree for larger packets. 2022-10-26 13:17:00 +02:00
video fbcon: Check font dimension limits 2023-02-22 12:46:02 +01:00
virt
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 20:42:46 +02:00
vlynq
vme vme: Fix error not catched in fake_init() 2023-01-18 09:26:25 +01:00
w1 w1: fix WARNING after calling w1_process() 2023-02-06 07:46:30 +01:00
watchdog watchdog: diag288_wdt: fix __diag288() inline assembly 2023-02-22 12:46:02 +01:00
xen xen/platform-pci: add missing free_irq() in error path 2022-12-08 11:16:31 +01:00
zorro
Kconfig
Makefile