[PATCH openEuler-1.0-LTS] NTB: fix possible name leak in ntb_register_device()

From: Yang Yingliang yangyingliang@huawei.com

mainline inclusion from mainline-v6.9-rc1 commit aebfdfe39b9327a3077d0df8db3beb3160c9bdd0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9IV CVE: CVE-2023-52652

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

--------------------------------

If device_register() fails in ntb_register_device(), the device name allocated by dev_set_name() should be freed. As per the comment in device_register(), callers should use put_device() to give up the reference in the error path. So fix this by calling put_device() in the error path so that the name can be freed in kobject_cleanup().

As a result of this, put_device() in the error path of ntb_register_device() is removed and the actual error is returned.

Fixes: a1bd3baeb2f1 ("NTB: Add NTB hardware abstraction layer") Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Ilpo Järvinen ilpo.jarvinen@linux.intel.com Reviewed-by: Manivannan Sadhasivam manivannan.sadhasivam@linaro.org Reviewed-by: Dave Jiang dave.jiang@intel.com Link: https://lore.kernel.org/r/20231201033057.1399131-1-yangyingliang@huaweicloud... [mani: reworded commit message] Signed-off-by: Manivannan Sadhasivam manivannan.sadhasivam@linaro.org Conflicts: drivers/ntb/core.c drivers/pci/endpoint/functions/pci-epf-vntb.c [The version does not include the pci-epf-vntb.c source file, and ntb_register_device() function is located in drivers/ntb/ntb.c.] Signed-off-by: Zeng Heng zengheng4@huawei.com --- drivers/ntb/ntb.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/ntb/ntb.c b/drivers/ntb/ntb.c index 2581ab724c34..3305a2fbea4e 100644 --- a/drivers/ntb/ntb.c +++ b/drivers/ntb/ntb.c @@ -100,6 +100,8 @@ EXPORT_SYMBOL(ntb_unregister_client);

int ntb_register_device(struct ntb_dev *ntb) { + int ret; + if (!ntb) return -EINVAL; if (!ntb->pdev) @@ -120,7 +122,11 @@ int ntb_register_device(struct ntb_dev *ntb) ntb->ctx_ops = NULL; spin_lock_init(&ntb->ctx_lock);

- return device_register(&ntb->dev); + ret = device_register(&ntb->dev); + if (ret) + put_device(&ntb->dev); + + return ret; } EXPORT_SYMBOL(ntb_register_device);