Hi Kernel maintainers,
We found a possible refcount leak in sgx_encl_mm_add().
In this function, a reference to encl->refcount is taken before registering the
MMU notifier:
	/* Grab a refcount for the encl_mm->encl reference: */
	kref_get(&encl->refcount); // 1. Reference acquired here.
	encl_mm->encl = encl;
	ret = __mmu_notifier_register(&encl_mm->mmu_notifier, mm);
	if (ret) {
		kfree(encl_mm);
		return ret; // 2. Returns without kref_put.
	}
If __mmu_notifier_register() fails, the function frees encl_mm but does not
drop the reference acquired by kref_get(&encl->refcount). This seems to leak
one reference to encl.
Please let us know if the kref_put is unnecessary here.
Thanks.
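The error path described in the report, modelled as an added example (not the kernel's own code and not part of the original mail): a user-space stand-in for kref and struct sgx_encl, with the reported variant and the balanced variant side by side so the reference left behind on failure can be counted. All names ending in _m are assumed stand-ins, not kernel APIs.

```c
/* Added model of the reported sgx_encl_mm_add() error path; not the kernel's
 * code. struct encl, kref_get_m and kref_put_m are simplified stand-ins. */
#include <stdlib.h>
#define ENOMEM 12
struct encl { int refcount; int released; }; /* refcount stands in for struct kref */
struct encl_mm { struct encl *encl; };

static void kref_get_m(struct encl *e) { e->refcount++; }
/* The last put runs the release; in the kernel that frees the enclave. */
static void kref_put_m(struct encl *e) { if (--e->refcount == 0) e->released = 1; }
/* Stand-in for __mmu_notifier_register(): fail != 0 forces the error path. */
static int mmu_notifier_register_m(int fail) { return fail ? -ENOMEM : 0; }

/* balanced == 0 mirrors the reported code; balanced != 0 adds the missing put. */
static int encl_mm_add_m(struct encl *encl, struct encl_mm **out, int fail, int balanced)
{
    struct encl_mm *encl_mm = calloc(1, sizeof(*encl_mm));
    int ret;
    if (!encl_mm)
        return -ENOMEM;
    kref_get_m(encl);                /* 1. reference acquired here */
    encl_mm->encl = encl;
    ret = mmu_notifier_register_m(fail);
    if (ret) {
        if (balanced)
            kref_put_m(encl);        /* drop the reference taken above */
        free(encl_mm);
        return ret;                  /* 2. reported code returns here without kref_put */
    }
    *out = encl_mm;                  /* encl_mm now owns one reference to encl */
    return 0;
}

/* Teardown of a registered encl_mm: gives back the reference it holds. */
static void encl_mm_remove_m(struct encl_mm *encl_mm)
{
    kref_put_m(encl_mm->encl);
    free(encl_mm);
}
/* References still held after one failed add, once the creator dropped its own:
 * 0 means the enclave was released, 1 means the reference from step 1 leaked. */
static int refs_left_after_failed_add(int balanced)
{
    struct encl encl = { 1, 0 };     /* creator's reference */
    struct encl_mm *unused = NULL;
    encl_mm_add_m(&encl, &unused, 1, balanced);
    kref_put_m(&encl);
    return encl.refcount;
}
```

With balanced == 0 the enclave is never released after the creator's put, which is the one-reference leak the report describes; with balanced != 0 the count reaches zero.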