iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Wang Hai 248bd0506b mm/slub: fix a memory leak in sysfs_slab_add() 
commit dde3c6b72a16c2db826f54b2d49bdea26c3534a2 upstream.

syzkaller reports for memory leak when kobject_init_and_add() returns an
error in the function sysfs_slab_add() [1]

When this happened, the function kobject_put() is not called for the
corresponding kobject, which potentially leads to memory leak.

This patch fixes the issue by calling kobject_put() even if
kobject_init_and_add() fails.

[1]
  BUG: memory leak
  unreferenced object 0xffff8880a6d4be88 (size 8):
  comm "syz-executor.3", pid 946, jiffies 4295772514 (age 18.396s)
  hex dump (first 8 bytes):
    70 69 64 5f 33 00 ff ff                          pid_3...
  backtrace:
     kstrdup+0x35/0x70 mm/util.c:60
     kstrdup_const+0x3d/0x50 mm/util.c:82
     kvasprintf_const+0x112/0x170 lib/kasprintf.c:48
     kobject_set_name_vargs+0x55/0x130 lib/kobject.c:289
     kobject_add_varg lib/kobject.c:384 [inline]
     kobject_init_and_add+0xd8/0x170 lib/kobject.c:473
     sysfs_slab_add+0x1d8/0x290 mm/slub.c:5811
     __kmem_cache_create+0x50a/0x570 mm/slub.c:4384
     create_cache+0x113/0x1e0 mm/slab_common.c:407
     kmem_cache_create_usercopy+0x1a1/0x260 mm/slab_common.c:505
     kmem_cache_create+0xd/0x10 mm/slab_common.c:564
     create_pid_cachep kernel/pid_namespace.c:54 [inline]
     create_pid_namespace kernel/pid_namespace.c:96 [inline]
     copy_pid_ns+0x77c/0x8f0 kernel/pid_namespace.c:148
     create_new_namespaces+0x26b/0xa30 kernel/nsproxy.c:95
     unshare_nsproxy_namespaces+0xa7/0x1e0 kernel/nsproxy.c:229
     ksys_unshare+0x3d2/0x770 kernel/fork.c:2969
     __do_sys_unshare kernel/fork.c:3037 [inline]
     __se_sys_unshare kernel/fork.c:3035 [inline]
     __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3035
     do_syscall_64+0xa1/0x530 arch/x86/entry/common.c:295

Fixes: 80da026a8e5d ("mm/slub: fix slab double-free in case of duplicate sysfs filename")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Link: http://lkml.kernel.org/r/20200602115033.1054-1-wanghai38@huawei.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-06-20 10:24:12 +02:00
..
kasan
kasan: avoid -Wmaybe-uninitialized warning
2019-05-08 07:19:07 +02:00
backing-dev.c
writeback: synchronize sync(2) against cgroup writeback membership switches
2019-05-21 18:49:01 +02:00
balloon_compaction.c
mm: balloon: use general non-lru movable page feature
2016-07-26 16:19:19 -07:00
bootmem.c
mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping
2016-10-11 15:06:33 -07:00
cleancache.c
cleancache: constify cleancache_ops structure
2016-01-27 09:09:57 -05:00
cma_debug.c
mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
2019-06-22 08:17:12 +02:00
cma.c
mm/cma.c: fail if fixed declaration can't be honored
2019-08-06 18:29:37 +02:00
cma.h
compaction.c
mm, compaction: fix NR_ISOLATED_* stats for pfn based migration
2017-01-12 11:39:32 +01:00
debug_page_ref.c
mm/page_ref: add tracepoint to track down page reference manipulation
2016-03-17 15:09:34 -07:00
debug.c
mm: get rid of vmacache_flush_all() entirely
2018-09-19 22:47:17 +02:00
dmapool.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
early_ioremap.c
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
2018-02-25 11:05:49 +01:00
fadvise.c
mm/fadvise.c: fix signed overflow UBSAN complaint
2018-09-15 09:42:57 +02:00
failslab.c
mm: fault-inject take over bootstrap kmem_cache check
2016-03-15 16:55:16 -07:00
filemap.c
mm/filemap.c: don't initiate writeback if mapping has no dirty pages
2019-11-12 19:16:10 +01:00
frame_vector.c
mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
2018-11-10 07:42:52 -08:00
frontswap.c
mm, frontswap: convert frontswap_enabled to static key
2016-07-26 16:19:19 -07:00
gup.c
mm: prevent get_user_pages() from overflowing page refcount
2019-06-11 12:22:45 +02:00
highmem.c
mm/highmem: make nr_free_highpages() handles all highmem zones by itself
2016-05-19 19:12:14 -07:00
huge_memory.c
mm/huge_memory.c: use head to check huge zero page
2020-03-11 07:53:08 +01:00
hugetlb_cgroup.c
mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
2019-11-25 09:51:58 +01:00
hugetlb.c
hugetlbfs: on restore reserve error path retain subpool reservation
2019-06-22 08:17:12 +02:00
hwpoison-inject.c
init-mm.c
mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
2017-01-06 10:40:13 +01:00
internal.h
vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n
2019-12-05 15:35:02 +01:00
interval_tree.c
Kconfig
mm: don't allow deferred pages with NEED_PER_CPU_KM
2018-05-22 16:57:57 +02:00
Kconfig.debug
PM / Hibernate: allow hibernation with PAGE_POISONING_ZERO
2016-09-13 02:35:27 +02:00
khugepaged.c
coredump: fix race condition between collapse_huge_page() and core dumping
2019-08-06 18:29:41 +02:00
kmemcheck.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak-test.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak.c
mm/kmemleak.c: fix check for softirq context
2019-08-04 09:33:41 +02:00
ksm.c
mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
2019-11-28 18:28:09 +01:00
list_lru.c
mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
2019-06-22 08:17:18 +02:00
maccess.c
x86: remove more uaccess_32.h complexity
2016-05-22 17:21:27 -07:00
madvise.c
mm: madvise(MADV_DODUMP): allow hugetlbfs pages
2018-10-10 08:53:20 +02:00
Makefile
Disable the __builtin_return_address() warning globally after all
2016-10-12 10:23:41 -07:00
memblock.c
mm/memblock.c: reversed logic in memblock_discard()
2017-08-30 10:21:47 +02:00
memcontrol.c
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
2020-04-02 17:20:26 +02:00
memory_hotplug.c
mm/memory_hotplug: make add_memory() take the device_hotplug_lock
2019-11-28 18:28:51 +01:00
memory-failure.c
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
2019-03-23 13:19:49 +01:00
memory.c
mm: stop leaking PageTables
2019-02-20 10:18:34 +01:00
mempolicy.c
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
2020-04-13 10:32:54 +02:00
mempool.c
Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements"
2016-07-28 16:07:41 -07:00
memtest.c
migrate.c
hugetlbfs: fix races and page leaks during migration
2019-03-13 14:04:54 -07:00
mincore.c
mm/mincore.c: make mincore() more conservative
2019-05-21 18:48:58 +02:00
mlock.c
mm/mlock.c: change count_mm_mlocked_page_nr return type
2019-07-10 09:55:43 +02:00
mm_init.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
mmap.c
arm64: Revert support for execute-only user mappings
2020-01-12 11:24:15 +01:00
mmu_context.c
mm/mmu_context, sched/core: Fix mmu_context.h assumption
2016-04-28 11:44:19 +02:00
mmu_notifier.c
mm/mmu_notifier: use hlist_add_head_rcu()
2019-08-04 09:33:42 +02:00
mmzone.c
mm, page_alloc: inline the fast path of the zonelist iterator
2016-05-19 19:12:14 -07:00
mprotect.c
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
2018-08-15 18:14:45 +02:00
mremap.c
mm: Fix mremap not considering huge pmd devmap
2020-06-11 09:22:20 +02:00
msync.c
mm/msync: use offset_in_page macro
2015-11-05 19:34:48 -08:00
nobootmem.c
mm: discard memblock data later
2017-08-24 17:12:19 -07:00
nommu.c
x86/mm: split vmalloc_sync_all()
2020-04-02 17:20:26 +02:00
oom_kill.c
oom, oom_reaper: do not enqueue same task twice
2019-02-12 19:45:02 +01:00
page_alloc.c
mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
2020-05-20 08:15:28 +02:00
page_counter.c
mm: page_counter: let page_counter_try_charge() return bool
2015-11-05 19:34:48 -08:00
page_ext.c
mm/page_ext.c: fix an imbalance with kmemleak
2019-04-05 22:29:06 +02:00
page_idle.c
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
2019-07-10 09:55:38 +02:00
page_io.c
mm/page_io.c: replace some BUG_ON()s with VM_BUG_ON_PAGE()
2016-10-07 18:46:29 -07:00
page_isolation.c
mm/page_isolation: fix typo: "paes" -> "pages"
2016-10-07 18:46:29 -07:00
page_owner.c
mm/page_owner: don't define fields on struct page_ext by hard-coding
2016-10-07 18:46:27 -07:00
page_poison.c
mm: check the return value of lookup_page_ext for all call sites
2016-06-03 15:06:22 -07:00
page-writeback.c
mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
2020-01-23 08:19:40 +01:00
pagewalk.c
mm/pagewalk.c: report holes in hugetlb ranges
2017-11-24 08:33:42 +01:00
percpu-km.c
mm: percpu: use pr_fmt to prefix output
2016-03-17 15:09:34 -07:00
percpu-vm.c
percpu.c
percpu: stop printing kernel addresses
2019-04-27 09:34:47 +02:00
pgtable-generic.c
mm/thp/migration: switch from flush_tlb_range to flush_pmd_tlb_range
2016-03-17 15:09:34 -07:00
process_vm_access.c
mm: remove write/force parameters from __get_user_pages_unlocked()
2016-10-18 14:13:37 -07:00
quicklist.c
fix Christoph's email addresses
2016-03-17 15:09:34 -07:00
readahead.c
mm: silently skip readahead for DAX inodes
2016-08-26 17:39:35 -07:00
rmap.c
mm: migration: fix migration of huge PMD shared pages
2018-11-21 09:26:03 +01:00
shmem.c
shmem: fix possible deadlocks on shmlock_user_lock
2020-05-20 08:15:33 +02:00
slab_common.c
mm: don't warn about large allocations for slab
2018-12-01 09:44:19 +01:00
slab.c
mm/slab.c: fix an infinite loop in leaks_show()
2019-06-22 08:17:13 +02:00
slab.h
slub: move synchronize_sched out of slab_mutex on shrink
2017-03-22 12:43:38 +01:00
slob.c
slub: move synchronize_sched out of slab_mutex on shrink
2017-03-22 12:43:38 +01:00
slub.c
mm/slub: fix a memory leak in sysfs_slab_add()
2020-06-20 10:24:12 +02:00
sparse-vmemmap.c
treewide: replace obsolete _refok by __ref
2016-08-02 17:31:41 -04:00
sparse.c
mm/memory_hotplug: set magic number to page->freelist instead of page->lru.next
2017-10-21 17:21:36 +02:00
swap_cgroup.c
mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
2017-07-05 14:40:17 +02:00
swap_state.c
mm, swap: use offset of swap entry as key of swap cache
2016-10-07 18:46:28 -07:00
swap.c
thp: reduce usage of huge zero page's atomic counter
2016-10-07 18:46:28 -07:00
swapfile.c
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
2018-08-15 18:14:45 +02:00
truncate.c
mm: cleancache: fix corruption on missed inode invalidation
2018-12-08 13:05:09 +01:00
usercopy.c
usercopy: Avoid HIGHMEM pfn warning
2019-10-17 13:42:06 -07:00
userfaultfd.c
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
util.c
mm: page_mapped: don't assume compound page is huge or THP
2019-01-16 22:12:32 +01:00
vmacache.c
mm: get rid of vmacache_flush_all() entirely
2018-09-19 22:47:17 +02:00
vmalloc.c
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
2020-06-03 08:16:47 +02:00
vmpressure.c
mm: vmpressure: fix sending wrong events on underflow
2017-03-12 06:41:43 +01:00
vmscan.c
mm: remove seemingly spurious reclaimability check from laptop_mode gating
2018-09-19 22:47:12 +02:00
vmstat.c
mm, vmstat: hide /proc/pagetypeinfo from normal users
2019-11-12 19:15:43 +01:00
workingset.c
mm: workingset: fix premature shadow node shrinking with cgroups
2017-04-08 09:30:36 +02:00
z3fold.c
mm/z3fold.c: avoid modifying HEADLESS page and minor cleanup
2016-06-03 16:02:55 -07:00
zbud.c
mm/zbud.c: use list_last_entry() instead of list_tail_entry()
2016-01-15 11:40:52 -08:00
zpool.c
mm: zsmalloc: constify struct zs_pool name
2015-11-06 17:50:42 -08:00
zsmalloc.c
mm/zsmalloc.c: fix the migrated zspage statistics.
2020-01-12 11:24:13 +01:00
zswap.c
zswap: re-check zswap_is_full() after do zswap_shrink()
2018-09-05 09:20:02 +02:00