From: Vladimir Davydov <vdavydov@parallels.com>
To: Dave Jones <davej@redhat.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
linux-mm@kvack.org, cl@linux-foundation.org, penberg@kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: slub: fix leak of 'name' in sysfs_slab_add
Date: Fri, 7 Mar 2014 10:18:04 +0400 [thread overview]
Message-ID: <5319649C.3060309@parallels.com> (raw)
In-Reply-To: <20140306211141.GA17009@redhat.com>
[adding Andrew to Cc]
On 03/07/2014 01:11 AM, Dave Jones wrote:
> The failure paths of sysfs_slab_add don't release the allocation of 'name'
> made by create_unique_id() a few lines above the context of the diff below.
> Create a common exit path to make it more obvious what needs freeing.
>
> Signed-off-by: Dave Jones <davej@fedoraproject.org>
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 25f14ad8f817..b2181d2682ac 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -5197,17 +5197,13 @@ static int sysfs_slab_add(struct kmem_cache *s)
>
> s->kobj.kset = slab_kset;
> err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
> - if (err) {
> - kobject_put(&s->kobj);
> - return err;
> - }
> + if (err)
> + goto err_out;
>
> err = sysfs_create_group(&s->kobj, &slab_attr_group);
> - if (err) {
> - kobject_del(&s->kobj);
> - kobject_put(&s->kobj);
> - return err;
> - }
> + if (err)
> + goto err_sysfs;
> +
> kobject_uevent(&s->kobj, KOBJ_ADD);
> if (!unmergeable) {
> /* Setup first alias */
> @@ -5215,6 +5211,13 @@ static int sysfs_slab_add(struct kmem_cache *s)
> kfree(name);
> }
> return 0;
> +
> +err_sysfs:
> + kobject_del(&s->kobj);
> +err_out:
> + kobject_put(&s->kobj);
> + kfree(name);
> + return err;
> }
We should free the name only if !unmergeable, because:
sysfs_slab_add():
if (unmergeable) {
/*
* Slabcache can never be merged so we can use the name proper.
* This is typically the case for debug situations. In that
* case we can catch duplicate names easily.
*/
sysfs_remove_link(&slab_kset->kobj, s->name);
name = s->name;
} else {
/*
* Create a unique name for the slab as a target
* for the symlinks.
*/
name = create_unique_id(s);
}
Since this function was modified in the mmotm tree, I would propose
something like this on top of mmotm to avoid further merge conflicts:
diff --git a/mm/slub.c b/mm/slub.c
index c6eb29d65847..f4ca525c05b0 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5214,25 +5214,19 @@ static int sysfs_slab_add(struct kmem_cache *s)
s->kobj.kset = cache_kset(s);
err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
- if (err) {
- kobject_put(&s->kobj);
- return err;
- }
+ if (err)
+ goto out_put_kobj;
err = sysfs_create_group(&s->kobj, &slab_attr_group);
- if (err) {
- kobject_del(&s->kobj);
- kobject_put(&s->kobj);
- return err;
- }
+ if (err)
+ goto out_del_kobj;
#ifdef CONFIG_MEMCG_KMEM
if (is_root_cache(s)) {
s->memcg_kset = kset_create_and_add("cgroup", NULL, &s->kobj);
if (!s->memcg_kset) {
- kobject_del(&s->kobj);
- kobject_put(&s->kobj);
- return -ENOMEM;
+ err = -ENOMEM;
+ goto out_del_kobj;
}
}
#endif
@@ -5241,9 +5235,16 @@ static int sysfs_slab_add(struct kmem_cache *s)
if (!unmergeable) {
/* Setup first alias */
sysfs_slab_alias(s, s->name);
- kfree(name);
}
- return 0;
+out:
+ if (!unmergeable)
+ kfree(name);
+ return err;
+out_del_kobj:
+ kobject_del(&s->kobj);
+out_put_kobj:
+ kobject_put(&s->kobj);
+ goto out;
}
static void sysfs_slab_remove(struct kmem_cache *s)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Vladimir Davydov <vdavydov@parallels.com>
To: Dave Jones <davej@redhat.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>,
<cl@linux-foundation.org>, <penberg@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: slub: fix leak of 'name' in sysfs_slab_add
Date: Fri, 7 Mar 2014 10:18:04 +0400 [thread overview]
Message-ID: <5319649C.3060309@parallels.com> (raw)
In-Reply-To: <20140306211141.GA17009@redhat.com>
[adding Andrew to Cc]
On 03/07/2014 01:11 AM, Dave Jones wrote:
> The failure paths of sysfs_slab_add don't release the allocation of 'name'
> made by create_unique_id() a few lines above the context of the diff below.
> Create a common exit path to make it more obvious what needs freeing.
>
> Signed-off-by: Dave Jones <davej@fedoraproject.org>
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 25f14ad8f817..b2181d2682ac 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -5197,17 +5197,13 @@ static int sysfs_slab_add(struct kmem_cache *s)
>
> s->kobj.kset = slab_kset;
> err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
> - if (err) {
> - kobject_put(&s->kobj);
> - return err;
> - }
> + if (err)
> + goto err_out;
>
> err = sysfs_create_group(&s->kobj, &slab_attr_group);
> - if (err) {
> - kobject_del(&s->kobj);
> - kobject_put(&s->kobj);
> - return err;
> - }
> + if (err)
> + goto err_sysfs;
> +
> kobject_uevent(&s->kobj, KOBJ_ADD);
> if (!unmergeable) {
> /* Setup first alias */
> @@ -5215,6 +5211,13 @@ static int sysfs_slab_add(struct kmem_cache *s)
> kfree(name);
> }
> return 0;
> +
> +err_sysfs:
> + kobject_del(&s->kobj);
> +err_out:
> + kobject_put(&s->kobj);
> + kfree(name);
> + return err;
> }
We should free the name only if !unmergeable, because:
sysfs_slab_add():
if (unmergeable) {
/*
* Slabcache can never be merged so we can use the name proper.
* This is typically the case for debug situations. In that
* case we can catch duplicate names easily.
*/
sysfs_remove_link(&slab_kset->kobj, s->name);
name = s->name;
} else {
/*
* Create a unique name for the slab as a target
* for the symlinks.
*/
name = create_unique_id(s);
}
Since this function was modified in the mmotm tree, I would propose
something like this on top of mmotm to avoid further merge conflicts:
diff --git a/mm/slub.c b/mm/slub.c
index c6eb29d65847..f4ca525c05b0 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5214,25 +5214,19 @@ static int sysfs_slab_add(struct kmem_cache *s)
s->kobj.kset = cache_kset(s);
err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
- if (err) {
- kobject_put(&s->kobj);
- return err;
- }
+ if (err)
+ goto out_put_kobj;
err = sysfs_create_group(&s->kobj, &slab_attr_group);
- if (err) {
- kobject_del(&s->kobj);
- kobject_put(&s->kobj);
- return err;
- }
+ if (err)
+ goto out_del_kobj;
#ifdef CONFIG_MEMCG_KMEM
if (is_root_cache(s)) {
s->memcg_kset = kset_create_and_add("cgroup", NULL, &s->kobj);
if (!s->memcg_kset) {
- kobject_del(&s->kobj);
- kobject_put(&s->kobj);
- return -ENOMEM;
+ err = -ENOMEM;
+ goto out_del_kobj;
}
}
#endif
@@ -5241,9 +5235,16 @@ static int sysfs_slab_add(struct kmem_cache *s)
if (!unmergeable) {
/* Setup first alias */
sysfs_slab_alias(s, s->name);
- kfree(name);
}
- return 0;
+out:
+ if (!unmergeable)
+ kfree(name);
+ return err;
+out_del_kobj:
+ kobject_del(&s->kobj);
+out_put_kobj:
+ kobject_put(&s->kobj);
+ goto out;
}
static void sysfs_slab_remove(struct kmem_cache *s)
next prev parent reply other threads:[~2014-03-07 6:18 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-06 21:11 slub: fix leak of 'name' in sysfs_slab_add Dave Jones
2014-03-06 21:11 ` Dave Jones
2014-03-07 6:18 ` Vladimir Davydov [this message]
2014-03-07 6:18 ` Vladimir Davydov
2014-03-07 15:32 ` Dave Jones
2014-03-07 15:32 ` Dave Jones
2014-03-07 17:14 ` Christoph Lameter
2014-03-07 17:14 ` Christoph Lameter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5319649C.3060309@parallels.com \
--to=vdavydov@parallels.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux-foundation.org \
--cc=davej@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penberg@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.