From: SeongJae Park <sj@kernel.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
SeongJae Park <sj@kernel.org>,
linux-kernel@vger.kernel.org, damon@lists.linux.dev,
linux-mm@kvack.org, stable <stable@kernel.org>,
stable@vger.kernel.org
Subject: Re: [PATCH] mm/damon/dbgfs: fix memory leak when using debugfs_lookup()
Date: Fri, 2 Sep 2022 18:12:22 +0000 [thread overview]
Message-ID: <20220902181222.83287-1-sj@kernel.org> (raw)
In-Reply-To: <20220902091703.dcee7737e7ce8857e3235fa7@linux-foundation.org>
Hi Andrew and Greg!
On Fri, 2 Sep 2022 09:17:03 -0700 Andrew Morton <akpm@linux-foundation.org> wrote:
> On Fri, 2 Sep 2022 14:56:31 +0200 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
>
> > When calling debugfs_lookup() the result must have dput() called on it,
> > otherwise the memory will leak over time. Fix this up by properly
> > calling dput().
Thank you for finding this bug and posting this patch, Greg!
> >
> > ...
> >
>
> Fixes: 75c1c2b53c78b, I assume.
Correct, Andrew.
Fixes: 75c1c2b53c78b ("mm/damon/dbgfs: support multiple contexts")
Cc: <stable@vger.kernel.org> # 5.15.x
>
> > --- a/mm/damon/dbgfs.c
> > +++ b/mm/damon/dbgfs.c
> > @@ -915,6 +915,7 @@ static int dbgfs_rm_context(char *name)
> > new_ctxs[j++] = dbgfs_ctxs[i];
> > }
> >
> > + dput(dir);
> > kfree(dbgfs_dirs);
> > kfree(dbgfs_ctxs);
> >
>
> dput() is also needed if either of the kmalloc_array() calls fail?
> Maybe something like
Good catch.
>
> --- a/mm/damon/dbgfs.c~a
> +++ a/mm/damon/dbgfs.c
> @@ -884,6 +884,7 @@ static int dbgfs_rm_context(char *name)
> struct dentry *root, *dir, **new_dirs;
> struct damon_ctx **new_ctxs;
> int i, j;
> + int ret = 0;
>
> if (damon_nr_running_ctxs())
> return -EBUSY;
> @@ -899,14 +900,12 @@ static int dbgfs_rm_context(char *name)
> new_dirs = kmalloc_array(dbgfs_nr_ctxs - 1, sizeof(*dbgfs_dirs),
> GFP_KERNEL);
> if (!new_dirs)
> - return -ENOMEM;
> + goto out_dput;
Shouldn't we also do 'ret = -ENOMEM;' before 'godo out_dput'?
>
> new_ctxs = kmalloc_array(dbgfs_nr_ctxs - 1, sizeof(*dbgfs_ctxs),
> GFP_KERNEL);
> - if (!new_ctxs) {
> - kfree(new_dirs);
> - return -ENOMEM;
> - }
> + if (!new_ctxs)
> + goto out_new_dirs;
ditto.
>
> for (i = 0, j = 0; i < dbgfs_nr_ctxs; i++) {
> if (dbgfs_dirs[i] == dir) {
> @@ -925,7 +924,13 @@ static int dbgfs_rm_context(char *name)
> dbgfs_ctxs = new_ctxs;
> dbgfs_nr_ctxs--;
>
> - return 0;
> + goto out_dput;
> +
> +out_new_dirs:
> + kfree(new_dirs);
> +out_dput:
> + dput(dir);
> + return ret;
> }
>
> static ssize_t dbgfs_rm_context_write(struct file *file,
> _
Thanks,
SJ
prev parent reply other threads:[~2022-09-02 18:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-02 12:56 [PATCH] mm/damon/dbgfs: fix memory leak when using debugfs_lookup() Greg Kroah-Hartman
2022-09-02 16:17 ` Andrew Morton
2022-09-02 18:12 ` SeongJae Park [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220902181222.83287-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=damon@lists.linux.dev \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.