Commit 0d69773f authored Oct 24, 2024 by Yang Yingliang Committed by Liao Chen Oct 24, 2024

hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()

stable inclusion
from stable-v4.19.268
commit 2f74cffc7c85f770b1b1833dccb03b8cde3be102
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRF6
CVE: CVE-2022-49011

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2f74cffc7c85f770b1b1833dccb03b8cde3be102



--------------------------------

[ Upstream commit 7dec1453 ]

As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put(). So call it after using to avoid refcount leak.

Fixes: 14513ee6 ("hwmon: (coretemp) Use PCI host bridge ID to identify CPU if necessary")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221118093303.214163-1-yangyingliang@huawei.com


Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Liao Chen <liaochen4@huawei.com>

parent 3c02090e

drivers/hwmon/coretemp.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -256,10 +256,13 @@ static int adjust_tjmax(struct cpuinfo_x86 c, u32 id, struct device dev)
		*/
		if (host_bridge && host_bridge->vendor == PCI_VENDOR_ID_INTEL) {
		for (i = 0; i < ARRAY_SIZE(tjmax_pci_table); i++) {
		if (host_bridge->device == tjmax_pci_table[i].device)
		if (host_bridge->device == tjmax_pci_table[i].device) {
		pci_dev_put(host_bridge);
		return tjmax_pci_table[i].tjmax;
		}
		}
		}
		pci_dev_put(host_bridge);

		for (i = 0; i < ARRAY_SIZE(tjmax_table); i++) {
		if (strstr(c->x86_model_id, tjmax_table[i].id))