driver core: class: fix slab-use-after-free Read in class_register()

Syzbot found that we had forgotten to unregister the lock_class_key when using it in commit dcfbb67 ("driver core: class: use lock_class_key already present in struct subsys_private") so fix that up and correctly release it when done. Cc: "Rafael J. Wysocki" <rafael@kernel.org> Reported-and-tested-by: <syzbot+41d665317c811d4d88aa@syzkaller.appspotmail.com> Fixes: dcfbb67 ("driver core: class: use lock_class_key already present in struct subsys_private") Link: https://lore.kernel.org/r/2023040126-blandness-duckling-bd55@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mariux64 · Apr 1, 2023 · f326ea6 · f326ea6
1 parent 980c056
commit f326ea6
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/drivers/base/class.c b/drivers/base/class.c
@@ -103,6 +103,7 @@ static void class_release(struct kobject *kobj)
 		pr_debug("class '%s' does not have a release() function, "
 			 "be careful\n", class->name);
 
+	lockdep_unregister_key(&cp->lock_key);
 	kfree(cp);
 }