Received: by 2002:ab2:5c0e:0:b0:1ef:a325:1205 with SMTP id i14csp11010lqk; Wed, 13 Mar 2024 14:43:56 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW8Kf0gGIM5Y9UR33nwbmGjmqCg/rkcjoOt0e7LA2a7VpN/XepSK0R967olk3ZQE/x5A1nbiNwMxY/E59ikkVPtfAgYWijCmn55Lm+Ycw== X-Google-Smtp-Source: AGHT+IHuBpXmou5CscIB9yX5BfH4PB7nOn4+9PA5U8ia5YbihXcBxKorZ8BS88cayFiMUZojeRwA X-Received: by 2002:a05:6214:5ec4:b0:691:4219:1418 with SMTP id mn4-20020a0562145ec400b0069142191418mr478698qvb.20.1710366236765; Wed, 13 Mar 2024 14:43:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710366236; cv=pass; d=google.com; s=arc-20160816; b=aWpdzajbzDES4a7yqhsjfpCDkWI4zIUX702y2VDpCPKMiV7ieNUIgpkl4UBF884hSA UCr3I1hzAL7HpZEOKo/6S0ZUg8rJRG8dUa+3qlDQaKGIe6uGbLVOsddtZFWccbJ6pP9S i+C3O3Jm5aAYQaC6xwY7JQWgmLa2ZDHaR0L1fNviKWwn8pAr7QEVKnRjDoRsc+GvI/6N COM1xiqKF7quYvUM2QremrOjAEyY52Ss6fE+9CrqrZnPtSzGG//q7447jJJNGU+QChtp 9X3eS3/ebWjHl0s9DN7WLjOB2IOGT+xaqnBzv5C4AO/jxjGKQcKMRxy57b51d0gz+/Hk DXxg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date; bh=//9IQ2Bjy84dYdozypKbCzyXROeI0zu6H1k8ketVRKQ=; fh=PgE+T3w2KkqPI0e30A2a1cvyQc4mXxyyyGXk1MQSj4E=; b=s22rr2AWuIrwMfQX7Zgi4bG4+mqt6JyNhYQC97kmVj/fA8rQQudj1ItY7uPG9msCWI ua6mx856htZYDSLe2nYXvqbQpURqkIrTaJU+B8sdsATMI0gNDW+Ss+ENiw3+ogThLG8q zH5N0mXpU9F0NVZJF520Wu9olBrAbqRzADknCQIrOjEb0bNyGCH13R+KiLgRs5c291Wf YLUstPxXhHB89uerw1ck6ANox5lvrYJUPsyRI3IzVDuKxULTZEzpsWJVITE5JKjlB5zv oDUrmSKnl04PXDrn9xhWs2drlJLHjtRwFwFUd1xqVvnzORg4vdQVZDrQ1LEhn8d2SUxD MJ7Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=netrider.rowland.org); spf=pass (google.com: domain of linux-kernel+bounces-102546-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-102546-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=harvard.edu Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id r11-20020a056214124b00b00690f7dcdac2si76687qvv.602.2024.03.13.14.43.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 14:43:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-102546-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=netrider.rowland.org); spf=pass (google.com: domain of linux-kernel+bounces-102546-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-102546-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=harvard.edu Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 6B2F71C22BAE for ; Wed, 13 Mar 2024 21:43:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B333A54BD3; Wed, 13 Mar 2024 21:43:51 +0000 (UTC) Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by smtp.subspace.kernel.org (Postfix) with SMTP id 0D8B053E07 for ; Wed, 13 Mar 2024 21:43:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.131.102.5 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710366231; cv=none; b=EoNjfqqR9alP0Yj0+hltyGypwh+jBhcm8jT5hdsIVR9BY4h5n/zVEpUyTpofnSwf6bULnj5D9Km7g1XiAtD1QKq9oYlS+8T3n9GIANWQ2doOpquHngQQp2ThSQ6BCCpmNTXrrwhO4CLkQ8wToqBY3SQiKqo5LXC9jolCz1u6scI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710366231; c=relaxed/simple; bh=r4i5ta+jYDvR8K3Bx4rs272ug04BSW8OU6QwJrAcKeA=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=pOwrKCtaM/f4Q7CBB5+SvGenHeJz+ltuc6s/rwd0uoLBzYqB6eXtR1S8S9guqrAsYmzgUt8S1ZXvCqFzDOj2DTgTg4xsfzGYHvSKCup02qdew34kQO4MjslrMBZ+BD8NexSksT1xDoQWXzE/lq6LDNWi5+SqrR96e1b1G8IuzrI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=rowland.harvard.edu; spf=pass smtp.mailfrom=netrider.rowland.org; arc=none smtp.client-ip=192.131.102.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=rowland.harvard.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=netrider.rowland.org Received: (qmail 430978 invoked by uid 1000); 13 Mar 2024 17:43:41 -0400 Date: Wed, 13 Mar 2024 17:43:41 -0400 From: Alan Stern To: Tejun Heo Cc: Bart Van Assche , Greg KH , Kernel development list Subject: [PATCH] fs: sysfs: Fix reference leak in sysfs_break_active_protection() Message-ID: <8a4d3f0f-c5e3-4b70-a188-0ca433f9e6f9@rowland.harvard.edu> References: <2024030428-graph-harmful-1597@gregkh> <416a8311-c725-419a-8b22-74c80207347f@rowland.harvard.edu> <9c2484f4-df62-4d23-97a2-55a160eba55f@rowland.harvard.edu> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released. Fix the leak by adding an explicit kobject_put() call when kn is NULL. Signed-off-by: Alan Stern Fixes: 2afc9166f79b ("scsi: sysfs: Introduce sysfs_{un,}break_active_protection()") Cc: Bart Van Assche Cc: --- fs/sysfs/file.c | 2 ++ 1 file changed, 2 insertions(+) Index: usb-devel/fs/sysfs/file.c =================================================================== --- usb-devel.orig/fs/sysfs/file.c +++ usb-devel/fs/sysfs/file.c @@ -463,6 +463,8 @@ struct kernfs_node *sysfs_break_active_p kn = kernfs_find_and_get(kobj->sd, attr->name); if (kn) kernfs_break_active_protection(kn); + else + kobject_put(kobj); return kn; } EXPORT_SYMBOL_GPL(sysfs_break_active_protection);