Bug 4376 - [ANCK 4.19] rbd: fix possible memory leak in rbd_sysfs_init()
Summary: [ANCK 4.19] rbd: fix possible memory leak in rbd_sysfs_init()
Status: RESOLVED FIXED
Alias: None
Product: ANCK 4.19 Dev
Classification: ANCK
Component: drivers (show other bugs) drivers
Version: 4.19-023.x
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: zhangqiangwe
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-06 17:00 UTC by zhangqiangwe
Modified: 2023-03-06 18:13 UTC (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description zhangqiangwe 2023-03-06 17:00:25 UTC 
Description of problem:

rbd: fix possible memory leak in rbd_sysfs_init()
If device_register() returns error in rbd_sysfs_init(), name of kobject
which is allocated in dev_set_name() called in device_add() is leaked.

As comment of device_add() says, it should call put_device() to drop
the reference count that was set in device_initialize() when it fails,
so the name can be freed in kobject_cleanup().

Fault injection test can trigger this problem:

unreferenced object 0xffff88810173aa78 (size 8):
  comm "modprobe", pid 247, jiffies 4294714278 (age 31.789s)
  hex dump (first 8 bytes):
    72 62 64 00 81 88 ff ff                          rbd.....
  backtrace:
    [<00000000f58fae56>] __kmalloc_node_track_caller+0x44/0x1b0
    [<00000000bdd44fe7>] kstrdup+0x3a/0x70
    [<00000000f7844d0b>] kstrdup_const+0x63/0x80
    [<000000001b0a0eeb>] kvasprintf_const+0x10b/0x190
    [<00000000a47bd894>] kobject_set_name_vargs+0x56/0x150
    [<00000000d5edbf18>] dev_set_name+0xab/0xe0
    [<00000000f5153e80>] device_add+0x106/0x1f20

Fixes: dfc5606dc513 ("rbd: replace the rbd sysfs interface")

See upstream:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7f21735ffb2648a29e0fc79c4bdcb1b9ed8602cd