CVE-2023-53234

In the Linux kernel, the following vulnerability has been resolved:

watchdog: Fix kmemleak in watchdogcdevregister

kmemleak reports memory leaks in watchdogdevregister, as follows: unreferenced object 0xffff888116233000 (size 2048): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 32 bytes): 80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#..... 08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#............. backtrace: [<000000007f001ffd>] __kmemcacheallocnode+0x157/0x220 [<000000006a389304>] kmalloctrace+0x21/0x110 [<000000008d640eea>] watchdogdevregister+0x4e/0x780 [watchdog] [<0000000053c9f248>] _watchdogregisterdevice+0x4f0/0x680 [watchdog] [<00000000b2979824>] watchdogregisterdevice+0xd2/0x110 [watchdog] [<000000001f730178>] 0xffffffffc10880ae [<000000007a1a8bcc>] dooneinitcall+0xcb/0x4d0 [<00000000b98be325>] doinitmodule+0x1ca/0x5f0 [<0000000046d08e7c>] loadmodule+0x6133/0x70f0 ...

unreferenced object 0xffff888105b9fa80 (size 16): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 16 bytes): 77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff watchdog1....... backtrace: [<000000007f001ffd>] __kmemcachealloc_node+0x157/0x220 [<00000000486ab89b>] __kmallocnodetrack_caller+0x44/0x1b0 [<000000005a39aab0>] kvasprintf+0xb5/0x140 [<0000000024806f85>] kvasprintfconst+0x55/0x180 [<000000009276cb7f>] kobjectsetnamevargs+0x56/0x150 [<00000000a92e820b>] devsetname+0xab/0xe0 [<00000000cec812c6>] watchdogdevregister+0x285/0x780 [watchdog] [<0000000053c9f248>] _watchdogregisterdevice+0x4f0/0x680 [watchdog] [<00000000b2979824>] watchdogregisterdevice+0xd2/0x110 [watchdog] [<000000001f730178>] 0xffffffffc10880ae [<000000007a1a8bcc>] dooneinitcall+0xcb/0x4d0 [<00000000b98be325>] doinitmodule+0x1ca/0x5f0 [<0000000046d08e7c>] loadmodule+0x6133/0x70f0 ...

The reason is that putdevice is not be called if cdevdevice_add fails and wdd->id != 0.

watchdogcdevregister wddata = kzalloc [1] err = devsetname [2] .. err = cdevdevice_add if (err) { if (wdd->id == 0) { // wdd->id != 0 .. } return err; // [1],[2] would be leaked

To fix it, call put_device in all wdd->id cases.