]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - queue-4.4/stm-class-fix-unbalanced-module-device-refcounting.patch
projects / thirdparty / kernel / stable-queue.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
4.4-stable patches
[thirdparty/kernel/stable-queue.git] / queue-4.4 / stm-class-fix-unbalanced-module-device-refcounting.patch
1 From beb1788daaa21b442a9b0f76ba24255dac487c8c Mon Sep 17 00:00:00 2001
2 From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
3 Date: Mon, 15 Feb 2016 19:12:07 +0200
4 Subject: stm class: Fix unbalanced module/device refcounting
5
6 [ Upstream commit f7c81c7176c72c7899390754b4b038a64b296e4d ]
7
8 STM code takes references to the stm device and its module for the
9 duration of the character device's existence or the stm_source link.
10 Dropping these references is not well balanced everywhere, which may
11 lead to leaks.
12
13 This patch balances the acquisition and releasing of these two
14 references and annotates each site so that it's easier to verify
15 correctness by reading the code.
16
17 Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
18 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 Signed-off-by: Sasha Levin <sashal@kernel.org>
20 ---
21 drivers/hwtracing/stm/core.c | 20 ++++++++++++++------
22 1 file changed, 14 insertions(+), 6 deletions(-)
23
24 diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
25 index f8e46c38b565..cdc692d6cedd 100644
26 --- a/drivers/hwtracing/stm/core.c
27 +++ b/drivers/hwtracing/stm/core.c
28 @@ -114,6 +114,7 @@ struct stm_device *stm_find_device(const char *buf)
29
30 stm = to_stm_device(dev);
31 if (!try_module_get(stm->owner)) {
32 + /* matches class_find_device() above */
33 put_device(dev);
34 return NULL;
35 }
36 @@ -126,7 +127,7 @@ struct stm_device *stm_find_device(const char *buf)
37 * @stm: stm device, previously acquired by stm_find_device()
38 *
39 * This drops the module reference and device reference taken by
40 - * stm_find_device().
41 + * stm_find_device() or stm_char_open().
42 */
43 void stm_put_device(struct stm_device *stm)
44 {
45 @@ -369,6 +370,8 @@ static int stm_char_open(struct inode *inode, struct file *file)
46 return nonseekable_open(inode, file);
47
48 err_free:
49 + /* matches class_find_device() above */
50 + put_device(dev);
51 kfree(stmf);
52
53 return err;
54 @@ -379,6 +382,11 @@ static int stm_char_release(struct inode *inode, struct file *file)
55 struct stm_file *stmf = file->private_data;
56
57 stm_output_free(stmf->stm, &stmf->output);
58 +
59 + /*
60 + * matches the stm_char_open()'s
61 + * class_find_device() + try_module_get()
62 + */
63 stm_put_device(stmf->stm);
64 kfree(stmf);
65
66 @@ -540,10 +548,8 @@ static int stm_char_policy_set_ioctl(struct stm_file *stmf, void __user *arg)
67 ret = stm->data->link(stm->data, stmf->output.master,
68 stmf->output.channel);
69
70 - if (ret) {
71 + if (ret)
72 stm_output_free(stmf->stm, &stmf->output);
73 - stm_put_device(stmf->stm);
74 - }
75
76 err_free:
77 kfree(id);
78 @@ -680,6 +686,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
79 return 0;
80
81 err_device:
82 + /* matches device_initialize() above */
83 put_device(&stm->dev);
84 err_free:
85 vfree(stm);
86 @@ -792,7 +799,6 @@ static int stm_source_link_add(struct stm_source_device *src,
87
88 fail_free_output:
89 stm_output_free(stm, &src->output);
90 - stm_put_device(stm);
91
92 fail_detach:
93 mutex_lock(&stm->link_mutex);
94 @@ -906,8 +912,10 @@ static ssize_t stm_source_link_store(struct device *dev,
95 return -EINVAL;
96
97 err = stm_source_link_add(src, link);
98 - if (err)
99 + if (err) {
100 + /* matches the stm_find_device() above */
101 stm_put_device(link);
102 + }
103
104 return err ? : count;
105 }
106 --
107 2.19.1
108
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git