Commit 649aef65 authored by Dan Carpenter, committed by sanglipeng

of: dynamic: Fix potential memory leak in of_changeset_action()

stable inclusion
from stable-v5.10.198
commit 204c2d485f860e0d8fcc9468b2388e6a727dd18d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I987V5

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=204c2d485f860e0d8fcc9468b2388e6a727dd18d



--------------------------------

commit 55e95bfc upstream.

Smatch complains that the error path where "action" is invalid leaks
the "ce" allocation:
    drivers/of/dynamic.c:935 of_changeset_action()
    warn: possible memory leak of 'ce'

Fix this by doing the validation before the allocation.

Note that there is not any actual problem with upstream kernels. All
callers of of_changeset_action() are static inlines with fixed action
values.

Fixes: 914d9d83 ("of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/r/202309011059.EOdr4im9-lkp@intel.com/


Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/7dfaf999-30ad-491c-9615-fb1138db121c@moroto.mountain


Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>
parent 1ccd5f56
+3 −3
@@ -893,13 +893,13 @@ int of_changeset_action(struct of_changeset *ocs, unsigned long action,
{
	struct of_changeset_entry *ce;

	if (WARN_ON(action >= ARRAY_SIZE(action_names)))
		return -EINVAL;

	ce = kzalloc(sizeof(*ce), GFP_KERNEL);
	if (!ce)
		return -ENOMEM;

	if (WARN_ON(action >= ARRAY_SIZE(action_names)))
		return -EINVAL;

	/* get a reference to the node */
	ce->action = action;
	ce->np = of_node_get(np);
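
Review bot: the WARN_ON(action >= ARRAY_SIZE(action_names)) check at the top of of_changeset_action() carries no comment saying why it has to come before kzalloc(), so a later refactor could move it back below the allocation and reintroduce the leak of "ce" on the -EINVAL return. A one-line comment above the check stating that validation happens before allocation so that this error path needs no cleanup would document the ordering. The check appears twice in this rendering because the +/- markers were dropped; going by the commit message, the copy before the allocation is the added one and the copy after the -ENOMEM return is the removed one.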