| Message ID | 20221114154556.2985745-1-yangyingliang@huawei.com |
|---|---|
| State | New |
| Headers | show |
| Series | scsi: target: tcm_loop: fix possible name leak in tcm_loop_setup_hba_bus() | expand |
On 11/14/22 9:45 AM, Yang Yingliang wrote: > If tcm_loop_setup_hba_bus() returns error, the name allocated by > dev_set_name() need be freed. As comment of device_register() > says, it should use put_device() to give up the reference in the > error path. So fix this by calling put_device(), then the name > can be freed in kobject_cleanup(). The 'tl_hba' will be freed in > tcm_loop_release_adapter(), so it don't need goto error label in > this case. > > Fixes: 3703b2c5d041 ("[SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module") > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> > --- > drivers/target/loopback/tcm_loop.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c > index 4407b56aa6d1..d3277993ce17 100644 > --- a/drivers/target/loopback/tcm_loop.c > +++ b/drivers/target/loopback/tcm_loop.c > @@ -1072,8 +1072,10 @@ static struct se_wwn *tcm_loop_make_scsi_hba( > * device_register() callbacks in tcm_loop_driver_probe() > */ > ret = tcm_loop_setup_hba_bus(tl_hba, tcm_loop_hba_no_cnt); > - if (ret) > - goto out; > + if (ret) { > + put_device(&tl_hba->dev); > + return ERR_PTR(ret); > + } > Can you put the put_device in tcm_loop_setup_hba_bus? Since tcm_loop_setup_hba_bus does the device release setup and device_register call it seems nicer for tcm_loop_setup_hba_bus to handle the failure as tcm_loop_make_scsi_hba doesn't know about the struct device code.
diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c index 4407b56aa6d1..d3277993ce17 100644 --- a/drivers/target/loopback/tcm_loop.c +++ b/drivers/target/loopback/tcm_loop.c @@ -1072,8 +1072,10 @@ static struct se_wwn *tcm_loop_make_scsi_hba( * device_register() callbacks in tcm_loop_driver_probe() */ ret = tcm_loop_setup_hba_bus(tl_hba, tcm_loop_hba_no_cnt); - if (ret) - goto out; + if (ret) { + put_device(&tl_hba->dev); + return ERR_PTR(ret); + } sh = tl_hba->sh; tcm_loop_hba_no_cnt++;
If tcm_loop_setup_hba_bus() returns error, the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need goto error label in this case. Fixes: 3703b2c5d041 ("[SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- drivers/target/loopback/tcm_loop.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)