From 47a1db8e797da01a1309bf42e0c0d771d4e4d4f3 Mon Sep 17 00:00:00 2001

From: Johan Hovold <johan@kernel.org>

Date: Wed, 1 Dec 2021 14:25:26 +0100

Subject: [PATCH] firmware: qemu_fw_cfg: fix kobject leak in probe error path

Git-commit: 47a1db8e797da01a1309bf42e0c0d771d4e4d4f3

Alt-commit: 6004e351da50565fb561be85d45151dc9c370023

Patch-mainline: v5.17-rc1

References: git-fixes

An initialised kobject must be freed using kobject_put() to avoid

leaking associated resources (e.g. the object name).

Commit fe3c60684377 ("firmware: Fix a reference count leak.") "fixed"

the leak in the first error path of the file registration helper but

left the second one unchanged. This "fix" would however result in a NULL

pointer dereference due to the release function also removing the never

added entry from the fw_cfg_entry_cache list. This has now been

addressed.

Fix the remaining kobject leak by restoring the common error path and

adding the missing kobject_put().

Fixes: 75f3e8e47f38 ("firmware: introduce sysfs driver for QEMU's fw_cfg device")

Cc: stable@vger.kernel.org      # 4.6

Cc: Gabriel Somlo <somlo@cmu.edu>

Signed-off-by: Johan Hovold <johan@kernel.org>

Link: https://lore.kernel.org/r/20211201132528.30025-3-johan@kernel.org

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Acked-by: Takashi Iwai <tiwai@suse.de>

---

 drivers/firmware/qemu_fw_cfg.c | 13 ++++++-------

 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/drivers/firmware/qemu_fw_cfg.c b/drivers/firmware/qemu_fw_cfg.c

index a9c64ebfc49a..ccb7ed62452f 100644

--- a/drivers/firmware/qemu_fw_cfg.c

+++ b/drivers/firmware/qemu_fw_cfg.c

@@ -603,15 +603,13 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f)

 	/* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */

 	err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype,

 				   fw_cfg_sel_ko, "%d", entry->select);

-	if (err) {

-		kobject_put(&entry->kobj);

-		return err;

-	}

+	if (err)

+		goto err_put_entry;

 	/* add raw binary content access */

 	err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw);

 	if (err)

-		goto err_add_raw;

+		goto err_del_entry;

 	/* try adding "/sys/firmware/qemu_fw_cfg/by_name/" symlink */

 	fw_cfg_build_symlink(fw_cfg_fname_kset, &entry->kobj, entry->name);

@@ -620,9 +618,10 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f)

 	fw_cfg_sysfs_cache_enlist(entry);

 	return 0;

-err_add_raw:

+err_del_entry:

 	kobject_del(&entry->kobj);

-	kfree(entry);

+err_put_entry:

+	kobject_put(&entry->kobj);

 	return err;

 }

-- 

2.31.1