Patch "net: caif: fix memory leak in caif_device_notify" has been added to the 5.10-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 08 Jun 2021 14:31:58 +0200

This is a note to let you know that I've just added the patch titled

    net: caif: fix memory leak in caif_device_notify

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-caif-fix-memory-leak-in-caif_device_notify.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b53558a950a89824938e9811eddfc8efcd94e1bb Mon Sep 17 00:00:00 2001
From: Pavel Skripkin <paskripkin@xxxxxxxxx>
Date: Thu, 3 Jun 2021 19:39:11 +0300
Subject: net: caif: fix memory leak in caif_device_notify

From: Pavel Skripkin <paskripkin@xxxxxxxxx>

commit b53558a950a89824938e9811eddfc8efcd94e1bb upstream.

In case of caif_enroll_dev() fail, allocated
link_support won't be assigned to the corresponding
structure. So simply free allocated pointer in case
of error

Fixes: 7c18d2205ea7 ("caif: Restructure how link caif link layer enroll")
Cc: stable@xxxxxxxxxxxxxxx
Reported-and-tested-by: syzbot+7ec324747ce876a29db6@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/caif/caif_dev.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c
@@ -370,6 +370,7 @@ static int caif_device_notify(struct not
 	struct cflayer *layer, *link_support;
 	int head_room = 0;
 	struct caif_device_entry_list *caifdevs;
+	int res;
 
 	cfg = get_cfcnfg(dev_net(dev));
 	caifdevs = caif_device_list(dev_net(dev));
@@ -395,8 +396,10 @@ static int caif_device_notify(struct not
 				break;
 			}
 		}
-		caif_enroll_dev(dev, caifdev, link_support, head_room,
+		res = caif_enroll_dev(dev, caifdev, link_support, head_room,
 				&layer, NULL);
+		if (res)
+			cfserl_release(link_support);
 		caifdev->flowctrl = dev_flowctrl;
 		break;
 


Patches currently in stable-queue which might be from paskripkin@xxxxxxxxx are

queue-5.10/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
queue-5.10/net-caif-fix-memory-leak-in-cfusbl_device_notify.patch
queue-5.10/net-caif-added-cfserl_release-function.patch
queue-5.10/net-caif-add-proper-error-handling.patch
queue-5.10/net-caif-fix-memory-leak-in-caif_device_notify.patch






