Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-05-17 06:38:43 +0200
committerJiri Slaby <jslaby@suse.cz>2019-05-17 06:38:48 +0200
commit97fac0bc0bfabf08bc3b936eaaf8df5a372303e0 (patch)
treec4a96a06e4d98ab54a163a47576e9388b0a0414f
parent87bf16a59c6321cb5f55e03728557c794f33ca41 (diff)
bridge: Fix error path for kobject_init_and_add() (bnc#1012628).
-rw-r--r--patches.kernel.org/5.1.3-015-bridge-Fix-error-path-for-kobject_init_and_add.patch70
-rw-r--r--series.conf1
2 files changed, 71 insertions, 0 deletions
diff --git a/patches.kernel.org/5.1.3-015-bridge-Fix-error-path-for-kobject_init_and_add.patch b/patches.kernel.org/5.1.3-015-bridge-Fix-error-path-for-kobject_init_and_add.patch
new file mode 100644
index 0000000000..a93230e25f
--- /dev/null
+++ b/patches.kernel.org/5.1.3-015-bridge-Fix-error-path-for-kobject_init_and_add.patch
@@ -0,0 +1,70 @@
+From: "Tobin C. Harding" <tobin@kernel.org>
+Date: Fri, 10 May 2019 12:52:12 +1000
+Subject: [PATCH] bridge: Fix error path for kobject_init_and_add()
+References: bnc#1012628
+Patch-mainline: 5.1.3
+Git-commit: bdfad5aec1392b93495b77b864d58d7f101dc1c1
+
+[ Upstream commit bdfad5aec1392b93495b77b864d58d7f101dc1c1 ]
+
+Currently error return from kobject_init_and_add() is not followed by a
+call to kobject_put(). This means there is a memory leak. We currently
+set p to NULL so that kfree() may be called on it as a noop, the code is
+arguably clearer if we move the kfree() up closer to where it is
+called (instead of after goto jump).
+
+Remove a goto label 'err1' and jump to call to kobject_put() in error
+return from kobject_init_and_add() fixing the memory leak. Re-name goto
+label 'put_back' to 'err1' now that we don't use err1, following current
+nomenclature (err1, err2 ...). Move call to kfree out of the error
+code at bottom of function up to closer to where memory was allocated.
+Add comment to clarify call to kfree().
+
+Signed-off-by: Tobin C. Harding <tobin@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/bridge/br_if.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
+index 41f0a696a65f..0cb0aa0313a8 100644
+--- a/net/bridge/br_if.c
++++ b/net/bridge/br_if.c
+@@ -602,13 +602,15 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
+ call_netdevice_notifiers(NETDEV_JOIN, dev);
+
+ err = dev_set_allmulti(dev, 1);
+- if (err)
+- goto put_back;
++ if (err) {
++ kfree(p); /* kobject not yet init'd, manually free */
++ goto err1;
++ }
+
+ err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj),
+ SYSFS_BRIDGE_PORT_ATTR);
+ if (err)
+- goto err1;
++ goto err2;
+
+ err = br_sysfs_addif(p);
+ if (err)
+@@ -700,12 +702,9 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
+ sysfs_remove_link(br->ifobj, p->dev->name);
+ err2:
+ kobject_put(&p->kobj);
+- p = NULL; /* kobject_put frees */
+-err1:
+ dev_set_allmulti(dev, -1);
+-put_back:
++err1:
+ dev_put(dev);
+- kfree(p);
+ return err;
+ }
+
+--
+2.21.0
+
diff --git a/series.conf b/series.conf
index 08be7e0211..1d0b7c34e4 100644
--- a/series.conf
+++ b/series.conf
@@ -100,6 +100,7 @@
patches.kernel.org/5.1.3-012-rtlwifi-rtl8723ae-Fix-missing-break-in-switch-s.patch
patches.kernel.org/5.1.3-013-Don-t-jump-to-compute_result-state-from-check_r.patch
patches.kernel.org/5.1.3-014-bonding-fix-arp_validate-toggling-in-active-bac.patch
+ patches.kernel.org/5.1.3-015-bridge-Fix-error-path-for-kobject_init_and_add.patch
########################################################
# Build fixes that apply to the vanilla kernel too.