Commit fe3c6068 authored by Qiushi Wu's avatar Qiushi Wu Committed by Michael S. Tsirkin
Browse files

firmware: Fix a reference count leak. 



kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Callback function fw_cfg_sysfs_release_entry() in kobject_put()
can handle the pointer "entry" properly.

Signed-off-by: default avatarQiushi Wu <wu000273@umn.edu>
Link: https://lore.kernel.org/r/20200613190533.15712-1-wu000273@umn.edu


Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent 92ed3019

drivers/firmware/qemu_fw_cfg.c

+4 −3
Original line number Diff line number Diff line
@@ -605,8 +605,10 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f) 
	/* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */

	err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype,

				   fw_cfg_sel_ko, "%d", entry->select);

	if (err)

		goto err_register;

	if (err) {

		kobject_put(&entry->kobj);

		return err;

	}



	/* add raw binary content access */

	err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw);
@@ -622,7 +624,6 @@ static int fw_cfg_register_file(const struct fw_cfg_file *f) 


err_add_raw:

	kobject_del(&entry->kobj);

err_register:

	kfree(entry);

	return err;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE