Skip to content

Commit 58af3d3

Browse files
pskrgagdavem330
pskrgag
authored and
davem330
committed
net: caif: fix memory leak in ldisc_open
Syzbot reported memory leak in tty_init_dev(). The problem was in unputted tty in ldisc_open() static int ldisc_open(struct tty_struct *tty) { ... ser->tty = tty_kref_get(tty); ... result = register_netdevice(dev); if (result) { rtnl_unlock(); free_netdev(dev); return -ENODEV; } ... } Ser pointer is netdev private_data, so after free_netdev() this pointer goes away with unputted tty reference. So, fix it by adding tty_kref_put() before freeing netdev. Reported-and-tested-by: [email protected] Signed-off-by: Pavel Skripkin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 09427c1 commit 58af3d3

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

drivers/net/caif/caif_serial.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -350,6 +350,7 @@ static int ldisc_open(struct tty_struct *tty)
350350
rtnl_lock();
351351
result = register_netdevice(dev);
352352
if (result) {
353+
tty_kref_put(tty);
353354
rtnl_unlock();
354355
free_netdev(dev);
355356
return -ENODEV;

0 commit comments

Comments
 (0)