nfc: fix memory leak of se_io context in nfc_genl_se_io
stable inclusion from stable-v5.10.173 commit 8978315cb4bf8878c9c8ec05dafd8f7ff539860d category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7X0QU Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8978315cb4bf8878c9c8ec05dafd8f7ff539860d -------------------------------- [ Upstream commit 25ff6f8a ] The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and supposed to be eventually freed in se_io_cb callback function. However, there are several error paths where the bwi_timer is not charged to call se_io_cb later, and the cb_context is leaked. The patch proposes to free the cb_context explicitly on those error paths. At the moment we can't simply check 'dev->ops->se_io()' return value as it may be negative in both cases: when the timer was charged and was not. Fixes: 5ce3f32b ("NFC: netlink: SE API implementation") Reported-by:<syzbot+df64c0a2e8d68e78a4fa@syzkaller.appspotmail.com> Signed-off-by:
Loading
Please sign in to comment