From: Jessica Yu <jeyu@kernel.org>
To: YueHaibing <yuehaibing@huawei.com>
Cc: gregkh@linuxfoundation.org, mbenes@suse.cz, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] kernel/module: Fix mem leak in module_add_modinfo_attrs
Date: Tue, 11 Jun 2019 15:33:45 +0200 [thread overview]
Message-ID: <20190611133344.GA9114@linux-8ccs> (raw)
In-Reply-To: <20190603144554.18168-1-yuehaibing@huawei.com>
+++ YueHaibing [03/06/19 22:45 +0800]:
>In module_add_modinfo_attrs if sysfs_create_file
>fails, we forget to free allocated modinfo_attrs
>and roll back the sysfs files.
>
>Fixes: 03e88ae1b13d ("[PATCH] fix module sysfs files reference counting")
>Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>---
>v3: reuse module_remove_modinfo_attrs
>v2: free from '--i' instead of 'i--'
>---
> kernel/module.c | 21 ++++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
>diff --git a/kernel/module.c b/kernel/module.c
>index 80c7c09..c6b8912 100644
>--- a/kernel/module.c
>+++ b/kernel/module.c
>@@ -1697,6 +1697,8 @@ static int add_usage_links(struct module *mod)
> return ret;
> }
>
>+static void module_remove_modinfo_attrs(struct module *mod, int end);
>+
> static int module_add_modinfo_attrs(struct module *mod)
> {
> struct module_attribute *attr;
>@@ -1711,24 +1713,33 @@ static int module_add_modinfo_attrs(struct module *mod)
> return -ENOMEM;
>
> temp_attr = mod->modinfo_attrs;
>- for (i = 0; (attr = modinfo_attrs[i]) && !error; i++) {
>+ for (i = 0; (attr = modinfo_attrs[i]); i++) {
> if (!attr->test || attr->test(mod)) {
> memcpy(temp_attr, attr, sizeof(*temp_attr));
> sysfs_attr_init(&temp_attr->attr);
> error = sysfs_create_file(&mod->mkobj.kobj,
> &temp_attr->attr);
>+ if (error)
>+ goto error_out;
> ++temp_attr;
> }
> }
>+
>+ return 0;
>+
>+error_out:
>+ module_remove_modinfo_attrs(mod, --i);
Gah, I think there is another issue here - if sysfs_create_file()
fails on the first iteration of the loop (so i = 0), then we will go
to error_out and end up calling module_remove_modinfo_attrs(mod, -1),
which, for i = 0, will call sysfs_remove_file() since attr->attr.name
had already been set before the failed call to sysfs_create_file().
Perhaps we need to check that i > 0 before calling
module_remove_modinfo_attrs() under error_out?
> return error;
> }
>
>-static void module_remove_modinfo_attrs(struct module *mod)
>+static void module_remove_modinfo_attrs(struct module *mod, int end)
> {
> struct module_attribute *attr;
> int i;
>
> for (i = 0; (attr = &mod->modinfo_attrs[i]); i++) {
>+ if (end >= 0 && i > end)
>+ break;
> /* pick a field to test for end of list */
> if (!attr->attr.name)
> break;
>@@ -1816,7 +1827,7 @@ static int mod_sysfs_setup(struct module *mod,
> return 0;
>
> out_unreg_modinfo_attrs:
>- module_remove_modinfo_attrs(mod);
>+ module_remove_modinfo_attrs(mod, -1);
> out_unreg_param:
> module_param_sysfs_remove(mod);
> out_unreg_holders:
>@@ -1852,7 +1863,7 @@ static void mod_sysfs_fini(struct module *mod)
> {
> }
>
>-static void module_remove_modinfo_attrs(struct module *mod)
>+static void module_remove_modinfo_attrs(struct module *mod, int end)
> {
> }
>
>@@ -1868,7 +1879,7 @@ static void init_param_lock(struct module *mod)
> static void mod_sysfs_teardown(struct module *mod)
> {
> del_usage_links(mod);
>- module_remove_modinfo_attrs(mod);
>+ module_remove_modinfo_attrs(mod, -1);
> module_param_sysfs_remove(mod);
> kobject_put(mod->mkobj.drivers_dir);
> kobject_put(mod->holders_dir);
>--
>1.8.3.1
>
>
next prev parent reply other threads:[~2019-06-11 13:33 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-15 16:12 [PATCH] kernel/module: Fix mem leak in module_add_modinfo_attrs YueHaibing
2019-05-30 9:24 ` Yuehaibing
2019-05-30 11:45 ` Jessica Yu
2019-05-30 13:32 ` Yuehaibing
2019-05-30 13:43 ` [PATCH v2] " YueHaibing
2019-06-03 10:47 ` Jessica Yu
2019-06-03 12:41 ` Yuehaibing
2019-06-03 12:11 ` Miroslav Benes
2019-06-03 14:45 ` Yuehaibing
2019-06-03 14:45 ` [PATCH v3] " YueHaibing
2019-06-04 10:46 ` Miroslav Benes
2019-06-04 13:54 ` Yuehaibing
2019-06-04 14:15 ` Miroslav Benes
2019-06-07 14:02 ` Jessica Yu
2019-06-11 13:33 ` Jessica Yu [this message]
2019-06-11 14:30 ` Yuehaibing
2019-06-11 15:38 ` Greg KH
2019-06-11 15:00 ` [PATCH v4] " YueHaibing
2019-06-12 11:12 ` Miroslav Benes
2019-06-14 7:54 ` Jessica Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190611133344.GA9114@linux-8ccs \
--to=jeyu@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.