CVE-2022-50578

Source
https://cve.org/CVERecord?id=CVE-2022-50578
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50578.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50578
Downstream
Related
Published
2025-10-22T13:23:31.565Z
Modified
2026-03-12T03:26:39.271523Z
Summary
class: fix possible memory leak in __class_register()
Details

In the Linux kernel, the following vulnerability has been resolved:

class: fix possible memory leak in __class_register()

If class_add_groups() returns an error, the 'cp->subsys' needs to be unregistered, and the 'cp' needs to be freed.

We cannot call kset_unregister() here, because the 'cls' will be freed in the callback function class_release() and it's also freed in the caller's error path, so it will cause a double free.

So fix this by calling kobject_del() and kfree_const(name) to clean up the kobject. Besides, call kfree() to free the 'cp'.

Fault injection test can trigger this:

unreferenced object 0xffff888102fa8190 (size 8):
  comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
  hex dump (first 8 bytes):
    70 6b 74 63 64 76 64 00                          pktcdvd.
  backtrace:
    [<00000000e7c7703d>] __kmalloc_track_caller+0x1ae/0x320
    [<000000005e4d70bc>] kstrdup+0x3a/0x70
    [<00000000c2e5e85a>] kstrdup_const+0x68/0x80
    [<000000000049a8c7>] kvasprintf_const+0x10b/0x190
    [<0000000029123163>] kobject_set_name_vargs+0x56/0x150
    [<00000000747219c9>] kobject_set_name+0xab/0xe0
    [<0000000005f1ea4e>] __class_register+0x15c/0x49a

unreferenced object 0xffff888037274000 (size 1024):
  comm "modprobe", pid 502, jiffies 4294906074 (age 49.296s)
  hex dump (first 32 bytes):
    00 40 27 37 80 88 ff ff 00 40 27 37 80 88 ff ff  .@'7.....@'7....
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
  backtrace:
    [<00000000151f9600>] kmem_cache_alloc_trace+0x17c/0x2f0
    [<00000000ecf3dd95>] __class_register+0x86/0x49a

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50578.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ced6473e7486702f530a49f886b73195e4977734
Fixed
4efa5443817c1b6de22d401aeca5b2481e835f8c
Fixed
3bb9c92c27624ad076419a70f2b1a30cd1f8bbbd
Fixed
3e0efc3f3f5e5c73996782f8db69963e501bb878
Fixed
18a7200646958cf8e1b8a933de08122fc50676cd
Fixed
417ef049e3fd3b0d2593c1d5ffa3d0d5d0a018a7
Fixed
e764ad5918a099ebeb909ccff83893a714e497e1
Fixed
abaedb68a769e6bf36836b55a2f49b531c5f3f7b
Fixed
8c3e8a6bdb5253b97ad532570f8b5db5f7a06407

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50578.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.303
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.270
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.229
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.163
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.86
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.16
Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50578.json"