Inject fault while loading module, kset_register() may fail.
If it fails, the kset.kobj.name allocated by kobject_set_name()
which must be called before a call to kset_register() may be
leaked, since refcount of kobj was set in kset_init().
To mitigate this, we free the name in kset_register() whe
Hi,
On 2022/10/25 5:25, Luben Tuikov wrote:
On 2022-10-24 17:06, Luben Tuikov wrote:
On 2022-10-24 08:19, Yang Yingliang wrote:
Inject fault while loading module, kset_register() may fail.
If it fails, the name allocated by kobject_set_name() which
is called before kset_register() is leaked, b
On 2022/10/24 22:53, Greg KH wrote:
On Mon, Oct 24, 2022 at 10:39:44PM +0800, Yang Yingliang wrote:
On 2022/10/24 21:52, Greg KH wrote:
On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote:
Inject fault while loading module, kset_register() may fail.
If it fails, the name allocated
On 2022/10/24 21:52, Greg KH wrote:
On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote:
Inject fault while loading module, kset_register() may fail.
If it fails, the name allocated by kobject_set_name() which
is called before kset_register() is leaked, because refcount
of kobject i
Inject fault while loading module, kset_register() may fail.
If it fails, the name allocated by kobject_set_name() which
is called before kset_register() is leaked, because refcount
of kobject is held in kset_init().
As a kset may be embedded in a larger structure which needs
to be freed in release()
On 2022/10/21 16:41, Luben Tuikov wrote:
On 2022-10-21 04:24, Luben Tuikov wrote:
On 2022-10-21 04:18, Greg KH wrote:
On Fri, Oct 21, 2022 at 03:55:18AM -0400, Luben Tuikov wrote:
On 2022-10-21 01:37, Greg KH wrote:
On Fri, Oct 21, 2022 at 01:29:31AM -0400, Luben Tuikov wrote:
On 2022-10-2
On 2022/10/21 17:08, Luben Tuikov wrote:
On 2022-10-21 04:59, Yang Yingliang wrote:
On 2022/10/21 16:36, Greg KH wrote:
On Fri, Oct 21, 2022 at 04:24:23PM +0800, Yang Yingliang wrote:
On 2022/10/21 13:37, Greg KH wrote:
On Fri, Oct 21, 2022 at 01:29:31AM -0400, Luben Tuikov wrote:
On 2022-
On 2022/10/21 16:36, Greg KH wrote:
On Fri, Oct 21, 2022 at 04:24:23PM +0800, Yang Yingliang wrote:
On 2022/10/21 13:37, Greg KH wrote:
On Fri, Oct 21, 2022 at 01:29:31AM -0400, Luben Tuikov wrote:
On 2022-10-20 22:20, Yang Yingliang wrote:
The previous discussion link:
https://lore.kernel.
On 2022/10/21 13:34, Luben Tuikov wrote:
On 2022-10-20 22:20, Yang Yingliang wrote:
kset_register() is currently used in some places without calling
kset_put() in error path, because the callers think it should be
a kset internal thing to do, but the driver core can not know what
the caller is doing wi
On 2022/10/21 16:36, Greg KH wrote:
On Fri, Oct 21, 2022 at 04:24:23PM +0800, Yang Yingliang wrote:
On 2022/10/21 13:37, Greg KH wrote:
On Fri, Oct 21, 2022 at 01:29:31AM -0400, Luben Tuikov wrote:
On 2022-10-20 22:20, Yang Yingliang wrote:
The previous discussion link:
https://lore.kernel.
On 2022/10/21 13:37, Greg KH wrote:
On Fri, Oct 21, 2022 at 01:29:31AM -0400, Luben Tuikov wrote:
On 2022-10-20 22:20, Yang Yingliang wrote:
The previous discussion link:
https://lore.kernel.org/lkml/0db486eb-6927-927e-3629-958f8f211...@huawei.com/T/
The very first discussion on this was her
Hi,
On 2022/10/21 13:29, Luben Tuikov wrote:
On 2022-10-20 22:20, Yang Yingliang wrote:
The previous discussion link:
https://lore.kernel.org/lkml/0db486eb-6927-927e-3629-958f8f211...@huawei.com/T/
The very first discussion on this was here:
https://www.spinics.net/lists/dri-devel/msg368077.h
From: Liu Shixin
When insmod ubifs.ko, a kmemleak reported as below:
unreferenced object 0x88817fb1a780 (size 8):
comm "insmod", pid 25265, jiffies 4295239702 (age 100.130s)
hex dump (first 8 bytes):
75 62 69 66 73 00 ff ff ubifs...
backtrace:
[]
If kset_register() fails, the refcount of kobject is not 0,
the name allocated in kobject_set_name(&kset.kobj, ...) is
leaked. Fix this by calling kset_put(), so that it will be
freed in callback function kobject_cleanup().
Cc: sta...@vger.kernel.org
Fixes: a6c40b178092 ("drm/amdgpu: Show IP disco
Inject fault while loading module, kset_register() may fail,
if it fails, but the refcount of kobject is not decreased to
0, the name allocated in kobject_set_name() is leaked. Fix
this by calling kset_put(), so that name can be freed in
callback function kobject_cleanup().
unreferenced object 0xf
Inject fault while loading module, kset_register() may fail, if
it fails, but the refcount of kobject is not decreased to 0, the
name allocated in kobject_set_name() is leaked. Fix this by
calling kset_put(), so that name can be freed in callback function
kobject_cleanup() and 'subdir' is freed
The previous discussion link:
https://lore.kernel.org/lkml/0db486eb-6927-927e-3629-958f8f211...@huawei.com/T/
kset_register() is currently used in some places without calling
kset_put() in error path, because the callers think it should be
a kset internal thing to do, but the driver core can not kno
kset_put() can be called from drivers, add null pointer
check to make it more robust.
Signed-off-by: Yang Yingliang
---
include/linux/kobject.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/kobject.h b/include/linux/kobject.h
index 57fb972fea05..e81de8ba41a2
kset_register() is currently used in some places without calling
kset_put() in error path, because the callers think it should be
a kset internal thing to do, but the driver core can not know what
the caller is doing with that memory at times. The memory could be freed
both in kset_put() and error path of c
Inject fault while loading module (e.g. qemu_fw_cfg.ko), kset_register()
may fail in kset_create_and_add(), if it fails, but the refcount of kobject
is not decreased to 0, the name allocated in kset_create() is leaked. Fix
this by calling kset_put(), so that name can be freed in callback functio
Inject fault while loading module (e.g. edac_core.ko), kset_register()
may fail in bus_register(), if it fails, but the refcount of kobject is
not decreased to 0, the name allocated in kobject_set_name() is leaked.
Fix this by calling kset_put(), so that name can be freed in callback
function ko
Inject fault while loading module, kset_register() may fail,
if it fails, but the refcount of kobject is not decreased to
0, the name allocated in kobject_set_name() is leaked. Fix
this by calling kset_put(), so that name can be freed in
callback function kobject_cleanup().
unreferenced object 0xf
Inject fault while loading module, kset_register() may fail,
if it fails, but the refcount of kobject is not decreased to
0, the name allocated in kobject_set_name() is leaked. Fix
this by calling kset_put(), so that name can be freed in
callback function kobject_cleanup().
unreferenced object 0xf
Inject fault while loading module (e.g. pktcdvd.ko), kset_register() may
fail in __class_register(), if it fails, but the refcount of kobject is
not decreased to 0, the name allocated in kobject_set_name() is leaked.
Fix this by calling kfree_const().
unreferenced object 0x888102fa8190 (siz
Inject fault while probing module, kset_register() may fail, if
it fails, but the refcount of kobject is not decreased to 0, the
name allocated in kobject_set_name() is leaked. Fix this by
calling kset_put(), so that name can be freed in callback function
kobject_cleanup() and 'subdir' is freed