From: Qiushi Wu wu000273@umn.edu
commit fe3c60684377d5ad9b0569b87ed3e26e12c8173b upstream.
kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Callback function fw_cfg_sysfs_release_entry() in kobject_put() can handle the pointer "entry" properly.
Signed-off-by: Qiushi Wu wu000273@umn.edu Link: https://lore.kernel.org/r/20200613190533.15712-1-wu000273@umn.edu Signed-off-by: Michael S. Tsirkin mst@redhat.com [sudip: adjust context] Signed-off-by: Sudip Mukherjee sudipm.mukherjee@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/firmware/qemu_fw_cfg.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/firmware/qemu_fw_cfg.c +++ b/drivers/firmware/qemu_fw_cfg.c @@ -461,8 +461,10 @@ static int fw_cfg_register_file(const st /* register entry under "/sys/firmware/qemu_fw_cfg/by_key/" */ err = kobject_init_and_add(&entry->kobj, &fw_cfg_sysfs_entry_ktype, fw_cfg_sel_ko, "%d", entry->f.select); - if (err) - goto err_register; + if (err) { + kobject_put(&entry->kobj); + return err; + }
/* add raw binary content access */ err = sysfs_create_bin_file(&entry->kobj, &fw_cfg_sysfs_attr_raw); @@ -478,7 +480,6 @@ static int fw_cfg_register_file(const st
err_add_raw: kobject_del(&entry->kobj); -err_register: kfree(entry); return err; }