If 'idev->info' is NULL, we need to free 'listener'
Fixes: 57c5f4df0a5a ("uio: fix crash after the device is unregistered")
Signed-off-by: Liu Jian <[email protected]>
---
v1->v2:
rename the "err_infoopen" to "err_idev_info"
v2->3:
put the extra info after the "--"
v3-v4:
add git log
v4-v5:
correct git log
drivers/uio/uio.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index 1313422..b4ae2d9 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -491,18 +491,19 @@ static int uio_open(struct inode *inode, struct file *filep)
if (!idev->info) {
mutex_unlock(&idev->info_lock);
ret = -EINVAL;
- goto err_alloc_listener;
+ goto err_idev_info;
}
if (idev->info && idev->info->open)
ret = idev->info->open(idev->info, inode);
mutex_unlock(&idev->info_lock);
if (ret)
- goto err_infoopen;
+ goto err_idev_info;
return 0;
-err_infoopen:
+err_idev_info:
+ filep->private_data = NULL;
kfree(listener);
err_alloc_listener:
--
2.7.4
On Wed, Jan 23, 2019 at 06:38:24AM +0800, Liu Jian wrote:
> If 'idev->info' is NULL, we need to free 'listener'
>
> Fixes: 57c5f4df0a5a ("uio: fix crash after the device is unregistered")
> Signed-off-by: Liu Jian <[email protected]>
> ---
> v1->v2:
> rename the "err_infoopen" to "err_idev_info"
> v2->3:
> put the extra info after the "--"
> v3-v4:
> add git log
> v4-v5:
> correct git log
>
> drivers/uio/uio.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
> index 1313422..b4ae2d9 100644
> --- a/drivers/uio/uio.c
> +++ b/drivers/uio/uio.c
> @@ -491,18 +491,19 @@ static int uio_open(struct inode *inode, struct file *filep)
> if (!idev->info) {
> mutex_unlock(&idev->info_lock);
> ret = -EINVAL;
> - goto err_alloc_listener;
> + goto err_idev_info;
> }
>
> if (idev->info && idev->info->open)
> ret = idev->info->open(idev->info, inode);
> mutex_unlock(&idev->info_lock);
> if (ret)
> - goto err_infoopen;
> + goto err_idev_info;
>
> return 0;
>
> -err_infoopen:
> +err_idev_info:
> + filep->private_data = NULL;
> kfree(listener);
>
> err_alloc_listener:
> --
> 2.7.4
>
This does not apply to my tree at all :(
Please rebase it against the char-misc-next branch of my char-misc.git
tree and resend.
thanks,
greg k-h
> -----Original Message-----
> From: Greg KH [mailto:[email protected]]
> Sent: Thursday, January 31, 2019 11:36 PM
> To: liujian (CE) <[email protected]>
> Cc: [email protected]; [email protected]
> Subject: Re: [PATCH v5] driver: uio: fix possible memory leak in uio_open
>
> On Wed, Jan 23, 2019 at 06:38:24AM +0800, Liu Jian wrote:
> > If 'idev->info' is NULL, we need to free 'listener'
> >
> > Fixes: 57c5f4df0a5a ("uio: fix crash after the device is
> > unregistered")
> > Signed-off-by: Liu Jian <[email protected]>
> > ---
> > v1->v2:
> > rename the "err_infoopen" to "err_idev_info"
> > v2->3:
> > put the extra info after the "--"
> > v3-v4:
> > add git log
> > v4-v5:
> > correct git log
> >
> > drivers/uio/uio.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c index
> > 1313422..b4ae2d9 100644
> > --- a/drivers/uio/uio.c
> > +++ b/drivers/uio/uio.c
> > @@ -491,18 +491,19 @@ static int uio_open(struct inode *inode, struct
> file *filep)
> > if (!idev->info) {
> > mutex_unlock(&idev->info_lock);
> > ret = -EINVAL;
> > - goto err_alloc_listener;
> > + goto err_idev_info;
> > }
> >
> > if (idev->info && idev->info->open)
> > ret = idev->info->open(idev->info, inode);
> > mutex_unlock(&idev->info_lock);
> > if (ret)
> > - goto err_infoopen;
> > + goto err_idev_info;
> >
> > return 0;
> >
> > -err_infoopen:
> > +err_idev_info:
> > + filep->private_data = NULL;
> > kfree(listener);
> >
> > err_alloc_listener:
> > --
> > 2.7.4
> >
>
> This does not apply to my tree at all :(
I am sorry to have sent so many versions, during which this issue has been resolved by commit 1e09cdd506c8833a9d52cb61009798660cff4051.
So please ignore this patch , and thank you and Xiubo Li in this patch~
> Please rebase it against the char-misc-next branch of my char-misc.git
> tree and resend.
>
> thanks,
>
> greg k-h