From: Qiushi Wu <[email protected]>
kobject_init_and_add() should be handled when it return an error,
because kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object. Previous
commit "b8eb718348b8" fixed a similar problem. Thus replace calling
kfree() by calling kobject_put().
Signed-off-by: Qiushi Wu <[email protected]>
---
drivers/scsi/iscsi_boot_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/iscsi_boot_sysfs.c b/drivers/scsi/iscsi_boot_sysfs.c
index e4857b728033..a64abe38db2d 100644
--- a/drivers/scsi/iscsi_boot_sysfs.c
+++ b/drivers/scsi/iscsi_boot_sysfs.c
@@ -352,7 +352,7 @@ iscsi_boot_create_kobj(struct iscsi_boot_kset *boot_kset,
boot_kobj->kobj.kset = boot_kset->kset;
if (kobject_init_and_add(&boot_kobj->kobj, &iscsi_boot_ktype,
NULL, name, index)) {
- kfree(boot_kobj);
+ kobject_put(&boot_kobj->kobj);
return NULL;
}
boot_kobj->data = data;
--
2.17.1
On 5/28/20 1:13 PM, [email protected] wrote:
> From: Qiushi Wu <[email protected]>
>
> kobject_init_and_add() should be handled when it return an error,
> because kobject_init_and_add() takes reference even when it fails.
> If this function returns an error, kobject_put() must be called to
> properly clean up the memory associated with the object. Previous
> commit "b8eb718348b8" fixed a similar problem. Thus replace calling
> kfree() by calling kobject_put().
>
> Signed-off-by: Qiushi Wu <[email protected]>
> ---
> drivers/scsi/iscsi_boot_sysfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/iscsi_boot_sysfs.c b/drivers/scsi/iscsi_boot_sysfs.c
> index e4857b728033..a64abe38db2d 100644
> --- a/drivers/scsi/iscsi_boot_sysfs.c
> +++ b/drivers/scsi/iscsi_boot_sysfs.c
> @@ -352,7 +352,7 @@ iscsi_boot_create_kobj(struct iscsi_boot_kset *boot_kset,
> boot_kobj->kobj.kset = boot_kset->kset;
> if (kobject_init_and_add(&boot_kobj->kobj, &iscsi_boot_ktype,
> NULL, name, index)) {
> - kfree(boot_kobj);
> + kobject_put(&boot_kobj->kobj);
> return NULL;
> }
> boot_kobj->data = data;
>
Reviewed-by: Lee Duncan <[email protected]>
On Thu, 28 May 2020 15:13:53 -0500, [email protected] wrote:
> kobject_init_and_add() should be handled when it return an error,
> because kobject_init_and_add() takes reference even when it fails.
> If this function returns an error, kobject_put() must be called to
> properly clean up the memory associated with the object. Previous
> commit "b8eb718348b8" fixed a similar problem. Thus replace calling
> kfree() by calling kobject_put().
Applied to 5.8/scsi-queue, thanks!
[1/1] scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
https://git.kernel.org/mkp/scsi/c/0267ffce562c
--
Martin K. Petersen Oracle Linux Engineering