Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp650273imu;
        Fri, 11 Jan 2019 06:48:58 -0800 (PST)
X-Google-Smtp-Source: ALg8bN6LeSDZjG6tEmNduFNazB6jJWB+/YO6hsR3CERNYKDO/G3h+VVEy+/aDqAHD3Wq7IFknbSu
X-Received: by 2002:a63:2905:: with SMTP id p5mr8605109pgp.178.1547218138107;
        Fri, 11 Jan 2019 06:48:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547218138; cv=none;
        d=google.com; s=arc-20160816;
        b=BlIQC7cG9MzhiNOzqIQLpeP2CPt4tbgZ+mSB7Pyrd2BrI69FZPMqO2N9A1qME4mCU+
         2IodrJhWjLW+cxjeFHufqDNdoHefeYkTGRLRJBdzk24pSKc/0vrbaquAlbNJsZryt2ip
         8uMlERjoE0r/HxjxKbkR31V34B1NTgSKS8gPb9CcXGrGpqwD19q4EgzGq8xJ6+NExsR+
         ITUQlzZuLWFQBPuToVIJtu//7EIpQSVR1kn3diC69z5/eLKNQprBGBiLcZEcmrZlGgKM
         pQnBvHEVe4SiRedHq00UrQjfEUWrXYY7WmpN+EbJGegtDQIUqkZiobkEnzvffFnAWdzy
         x8vQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=seV/Ow68rgnXhhqSqLiZWv1FaAwhG/M3QUl1N0Kzfp0=;
        b=x5+qwboG52QtKpKOa2AXwOnZeNgctxY1lOJbuKZy/SESzwb1GdgpUtcHQt5JeirXJC
         pCD6s+CsaJLkv2+JbDmxvH8rczkkeKAHWmBv5o3d5fES67Yd/3iOucN8hmfU6YHogC6+
         VnZr+TNmsUByt7+zZsiNvtNs5pNNyoea1BurC/BUx/DJIas4S3s2wVTiUQ3Ko8/S6Cwx
         LQFnFVxm10oINZgdSmhfydnNMgaam9MWrXUd801BRQZT7WbArOVL9mefs4cpBjSy78TI
         jZKaJbJmvrlE4m83Qv8H14R7BJCUGwvGjO1GhGzvxKKWO9erA3fqFxa+b/XGOnBq40rM
         rnIw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=HzGRkove;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e1si1007715pln.55.2019.01.11.06.48.43;
        Fri, 11 Jan 2019 06:48:58 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=HzGRkove;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2404380AbfAKOn3 (ORCPT <rfc822;morganleezd2003@gmail.com>
        + 99 others); Fri, 11 Jan 2019 09:43:29 -0500
Received: from mail.kernel.org ([198.145.29.99]:36254 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2404355AbfAKOnW (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Jan 2019 09:43:22 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id B12EB21841;
        Fri, 11 Jan 2019 14:43:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1547217802;
        bh=lVAHxWYVszceiDGS7BJnn7DdpClBWDR9oIC27TBZrWQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=HzGRkove3wuNubuHlmJJMFndonjsn2RL8KmMKhODpEWE8UTNxKeeF2PUM3gJDyH8s
         c9BzelkrXZm0h5Wv00WZyTSJYGPi7Do9tBkbstbpYglZZVWeAHSJ0YMQzqMKNYK7U0
         qbWM3tfVLwuibEpRhPILeM/PE4oE5QsyGTJxUNJc=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Ammy Yi <ammy.yi@intel.com>
Subject: [PATCH 4.20 47/65] stm class: Fix a module refcount leak in policy creation error path
Date:   Fri, 11 Jan 2019 15:15:33 +0100
Message-Id: <20190111131102.760686276@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190111131055.331350141@linuxfoundation.org>
References: <20190111131055.331350141@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.20-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alexander Shishkin <alexander.shishkin@linux.intel.com>

commit c18614a1a11276837bdd44403d84d207c9951538 upstream.

Commit c7fd62bc69d0 ("stm class: Introduce framing protocol drivers")
adds a bug into the error path of policy creation, that would do a
module_put() on a wrong module, if one tried to create a policy for
an stm device which already has a policy, using a different protocol.
IOW,

| mkdir /config/stp-policy/dummy_stm.0:p_basic.test
| mkdir /config/stp-policy/dummy_stm.0:p_sys-t.test # puts "p_basic"
| mkdir /config/stp-policy/dummy_stm.0:p_sys-t.test # "p_basic" -> -1

throws:

| general protection fault: 0000 [#1] SMP PTI
| CPU: 3 PID: 2887 Comm: mkdir
| RIP: 0010:module_put.part.31+0xe/0x90
| Call Trace:
|  module_put+0x13/0x20
|  stm_put_protocol+0x11/0x20 [stm_core]
|  stp_policy_make+0xf1/0x210 [stm_core]
|  ? __kmalloc+0x183/0x220
|  ? configfs_mkdir+0x10d/0x4c0
|  configfs_mkdir+0x169/0x4c0
|  vfs_mkdir+0x108/0x1c0
|  do_mkdirat+0xe8/0x110
|  __x64_sys_mkdir+0x1b/0x20
|  do_syscall_64+0x5a/0x140
|  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Correct this sad mistake by calling calling 'put' on the correct
reference, which happens to match another error path in the same
function, so we consolidate the two at the same time.

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Fixes: c7fd62bc69d0 ("stm class: Introduce framing protocol drivers")
Reported-by: Ammy Yi <ammy.yi@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/stm/policy.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- a/drivers/hwtracing/stm/policy.c
+++ b/drivers/hwtracing/stm/policy.c
@@ -440,10 +440,8 @@ stp_policy_make(struct config_group *gro
 
 	stm->policy = kzalloc(sizeof(*stm->policy), GFP_KERNEL);
 	if (!stm->policy) {
-		mutex_unlock(&stm->policy_mutex);
-		stm_put_protocol(pdrv);
-		stm_put_device(stm);
-		return ERR_PTR(-ENOMEM);
+		ret = ERR_PTR(-ENOMEM);
+		goto unlock_policy;
 	}
 
 	config_group_init_type_name(&stm->policy->group, name,
@@ -458,7 +456,11 @@ unlock_policy:
 	mutex_unlock(&stm->policy_mutex);
 
 	if (IS_ERR(ret)) {
-		stm_put_protocol(stm->pdrv);
+		/*
+		 * pdrv and stm->pdrv at this point can be quite different,
+		 * and only one of them needs to be 'put'
+		 */
+		stm_put_protocol(pdrv);
 		stm_put_device(stm);
 	}