Commit 54fa2811 authored Mar 15, 2025 by Jianglei Nie Committed by He Yujie Mar 15, 2025

net: sfp: fix memory leak in sfp_probe()

stable inclusion
from stable-v4.19.253
commit 1545bc727625ea6e8decd717e5d1e8cc704ccf8f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBP27T
CVE: CVE-2022-49619

Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1545bc727625ea6e8decd717e5d1e8cc704ccf8f



--------------------------------

[ Upstream commit 0a18d802 ]

sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When
devm_add_action() fails, sfp is not freed, which leads to a memory leak.

We should use devm_add_action_or_reset() instead of devm_add_action().

Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/20220629075550.2152003-1-niejianglei2021@163.com


Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: He Yujie <coka.heyujie@huawei.com>

parent d734d6bb

drivers/net/phy/sfp.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1811,7 +1811,7 @@ static int sfp_probe(struct platform_device *pdev)

		platform_set_drvdata(pdev, sfp);

		err = devm_add_action(sfp->dev, sfp_cleanup, sfp);
		err = devm_add_action_or_reset(sfp->dev, sfp_cleanup, sfp);
		if (err < 0)
		return err;