From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2E52CECAAA1 for ; Mon, 24 Oct 2022 13:56:25 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 77F5110E712; Mon, 24 Oct 2022 13:56:24 +0000 (UTC) Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by gabe.freedesktop.org (Postfix) with ESMTPS id 7052110E738 for ; Mon, 24 Oct 2022 13:52:07 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9A36CB81B73; Mon, 24 Oct 2022 13:52:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1728C433C1; Mon, 24 Oct 2022 13:52:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666619524; bh=QIHnXVxCIGETsd0dywR9WOXQe2R85leBxjgt9psJDlE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2H9OWmUuPXe1nsvDHzMz7pk28v9U01aePXWCqE/PYv8mU+b3XDQLri0CqGVaRsJz jDX3YxQNP/rC/SyUqCZ86yUqxIXbKkp05GDQaItPKZLX+Z/tQqtvt0HtDKDldCwU2Z RC0760eEL3DTVNddcLXXtAu1W45/R1VDk/n+VsGo= Date: Mon, 24 Oct 2022 15:52:56 +0200 From: Greg KH To: Yang Yingliang Subject: Re: [PATCH v2] kset: fix memory leak when kset_register() returns error Message-ID: References: <20221024121910.1169801-1-yangyingliang@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221024121910.1169801-1-yangyingliang@huawei.com> X-Mailman-Approved-At: Mon, 24 Oct 2022 13:56:21 +0000 X-BeenThere: amd-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion list for AMD gfx List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: rafael@kernel.org, qemu-devel@nongnu.org, liushixin2@huawei.com, joseph.qi@linux.alibaba.com, linux-mtd@lists.infradead.org, huangjianan@oppo.com, richard@nod.at, mark@fasheh.com, mst@redhat.com, amd-gfx@lists.freedesktop.org, luben.tuikov@amd.com, hsiangkao@linux.alibaba.com, somlo@cmu.edu, chao@kernel.org, jlbec@evilplan.org, jaegeuk@kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, alexander.deucher@amd.com, akpm@linux-foundation.org, linux-erofs@lists.ozlabs.org, ocfs2-devel@oss.oracle.com Errors-To: amd-gfx-bounces@lists.freedesktop.org Sender: "amd-gfx" On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote: > Inject fault while loading module, kset_register() may fail. > If it fails, the name allocated by kobject_set_name() which > is called before kset_register() is leaked, because refcount > of kobject is hold in kset_init(). > > As a kset may be embedded in a larger structure which needs > be freed in release() function or error path in callers, we > can not call kset_put() in kset_register(), or it will cause > double free, so just call kfree_const() to free the name and > set it to NULL. > > With this fix, the callers don't need to care about the name > freeing and call an extra kset_put() if kset_register() fails. > > Suggested-by: Luben Tuikov > Signed-off-by: Yang Yingliang > --- > v1 -> v2: > Free name inside of kset_register() instead of calling kset_put() > in drivers. > --- > lib/kobject.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/kobject.c b/lib/kobject.c > index a0b2dbfcfa23..3409a89c81e5 100644 > --- a/lib/kobject.c > +++ b/lib/kobject.c > @@ -834,6 +834,9 @@ EXPORT_SYMBOL_GPL(kobj_sysfs_ops); > /** > * kset_register() - Initialize and add a kset. > * @k: kset. > + * > + * NOTE: On error, the kset.kobj.name allocated by() kobj_set_name() > + * which is called before kset_register() in caller need be freed. This comment doesn't make any sense anymore. No caller needs to worry about this, right? > */ > int kset_register(struct kset *k) > { > @@ -844,8 +847,11 @@ int kset_register(struct kset *k) > > kset_init(k); > err = kobject_add_internal(&k->kobj); > - if (err) > + if (err) { > + kfree_const(k->kobj.name); > + k->kobj.name = NULL; Why are you setting the name here to NULL? thanks, greg k-h From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1D4A5C38A2D for ; Mon, 24 Oct 2022 13:52:20 +0000 (UTC) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4MwxMk2ZzFz3c16 for ; Tue, 25 Oct 2022 00:52:18 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.a=rsa-sha256 header.s=korg header.b=a2H9OWmU; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linuxfoundation.org (client-ip=145.40.68.75; helo=ams.source.kernel.org; envelope-from=gregkh@linuxfoundation.org; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.a=rsa-sha256 header.s=korg header.b=a2H9OWmU; dkim-atps=neutral Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4MwxMZ62D7z30NN for ; Tue, 25 Oct 2022 00:52:09 +1100 (AEDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9A36CB81B73; Mon, 24 Oct 2022 13:52:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1728C433C1; Mon, 24 Oct 2022 13:52:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666619524; bh=QIHnXVxCIGETsd0dywR9WOXQe2R85leBxjgt9psJDlE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2H9OWmUuPXe1nsvDHzMz7pk28v9U01aePXWCqE/PYv8mU+b3XDQLri0CqGVaRsJz jDX3YxQNP/rC/SyUqCZ86yUqxIXbKkp05GDQaItPKZLX+Z/tQqtvt0HtDKDldCwU2Z RC0760eEL3DTVNddcLXXtAu1W45/R1VDk/n+VsGo= Date: Mon, 24 Oct 2022 15:52:56 +0200 From: Greg KH To: Yang Yingliang Subject: Re: [PATCH v2] kset: fix memory leak when kset_register() returns error Message-ID: References: <20221024121910.1169801-1-yangyingliang@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221024121910.1169801-1-yangyingliang@huawei.com> X-BeenThere: linux-erofs@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development of Linux EROFS file system List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: rafael@kernel.org, qemu-devel@nongnu.org, liushixin2@huawei.com, joseph.qi@linux.alibaba.com, linux-mtd@lists.infradead.org, huangjianan@oppo.com, richard@nod.at, mark@fasheh.com, mst@redhat.com, amd-gfx@lists.freedesktop.org, luben.tuikov@amd.com, hsiangkao@linux.alibaba.com, somlo@cmu.edu, jlbec@evilplan.org, jaegeuk@kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, alexander.deucher@amd.com, akpm@linux-foundation.org, linux-erofs@lists.ozlabs.org, ocfs2-devel@oss.oracle.com Errors-To: linux-erofs-bounces+linux-erofs=archiver.kernel.org@lists.ozlabs.org Sender: "Linux-erofs" On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote: > Inject fault while loading module, kset_register() may fail. > If it fails, the name allocated by kobject_set_name() which > is called before kset_register() is leaked, because refcount > of kobject is hold in kset_init(). > > As a kset may be embedded in a larger structure which needs > be freed in release() function or error path in callers, we > can not call kset_put() in kset_register(), or it will cause > double free, so just call kfree_const() to free the name and > set it to NULL. > > With this fix, the callers don't need to care about the name > freeing and call an extra kset_put() if kset_register() fails. > > Suggested-by: Luben Tuikov > Signed-off-by: Yang Yingliang > --- > v1 -> v2: > Free name inside of kset_register() instead of calling kset_put() > in drivers. > --- > lib/kobject.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/kobject.c b/lib/kobject.c > index a0b2dbfcfa23..3409a89c81e5 100644 > --- a/lib/kobject.c > +++ b/lib/kobject.c > @@ -834,6 +834,9 @@ EXPORT_SYMBOL_GPL(kobj_sysfs_ops); > /** > * kset_register() - Initialize and add a kset. > * @k: kset. > + * > + * NOTE: On error, the kset.kobj.name allocated by() kobj_set_name() > + * which is called before kset_register() in caller need be freed. This comment doesn't make any sense anymore. No caller needs to worry about this, right? > */ > int kset_register(struct kset *k) > { > @@ -844,8 +847,11 @@ int kset_register(struct kset *k) > > kset_init(k); > err = kobject_add_internal(&k->kobj); > - if (err) > + if (err) { > + kfree_const(k->kobj.name); > + k->kobj.name = NULL; Why are you setting the name here to NULL? thanks, greg k-h From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A463FECAAA1 for ; Mon, 24 Oct 2022 13:52:25 +0000 (UTC) Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1omxsN-000704-JQ; Mon, 24 Oct 2022 13:52:23 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1omxsL-0006zj-F0 for linux-f2fs-devel@lists.sourceforge.net; Mon, 24 Oct 2022 13:52:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=In-Reply-To:Content-Type:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=4WiB3jTzOcy/T6gXm1iSeVeIuraRw6twHudoz+j2EAw=; b=K6lzd40ByY6A9YlQ7zMLLGyhdJ v1mb3nUOpDzNaHQdD4F2rWK0zw4TGJstVqJyBQsAbWSi1a3rW+sqVNJ0qUdMIQVb4u3H+xxrUCU9P IywYTaVyi3z3UZPkr0TIeSx49brQgn7IfUYua1eRw8K3u7PIRbnLZQlcO+acoPOQd3RM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To :From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=4WiB3jTzOcy/T6gXm1iSeVeIuraRw6twHudoz+j2EAw=; b=GnhDidMRREYsB01+CXgmlBZz2c GttPn1VtGXWMbWP6VWdATw+ewImManMbGeZjkemRer5MDlEAkCXLIxeIuE4Qvy8sQxgxk0D6T8Me0 +aWFXipOGPhPoT/PzcSsQnam5d73qmy0oWoFqZmvFQFgL5mf5z7OFtiYzs+qkn3eXjoU=; Received: from ams.source.kernel.org ([145.40.68.75]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1omxsG-00FnT4-O1 for linux-f2fs-devel@lists.sourceforge.net; Mon, 24 Oct 2022 13:52:21 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9A36CB81B73; Mon, 24 Oct 2022 13:52:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1728C433C1; Mon, 24 Oct 2022 13:52:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666619524; bh=QIHnXVxCIGETsd0dywR9WOXQe2R85leBxjgt9psJDlE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2H9OWmUuPXe1nsvDHzMz7pk28v9U01aePXWCqE/PYv8mU+b3XDQLri0CqGVaRsJz jDX3YxQNP/rC/SyUqCZ86yUqxIXbKkp05GDQaItPKZLX+Z/tQqtvt0HtDKDldCwU2Z RC0760eEL3DTVNddcLXXtAu1W45/R1VDk/n+VsGo= Date: Mon, 24 Oct 2022 15:52:56 +0200 From: Greg KH To: Yang Yingliang Message-ID: References: <20221024121910.1169801-1-yangyingliang@huawei.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20221024121910.1169801-1-yangyingliang@huawei.com> X-Headers-End: 1omxsG-00FnT4-O1 Subject: Re: [f2fs-dev] [PATCH v2] kset: fix memory leak when kset_register() returns error X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: rafael@kernel.org, qemu-devel@nongnu.org, liushixin2@huawei.com, joseph.qi@linux.alibaba.com, linux-mtd@lists.infradead.org, richard@nod.at, mark@fasheh.com, mst@redhat.com, amd-gfx@lists.freedesktop.org, luben.tuikov@amd.com, hsiangkao@linux.alibaba.com, somlo@cmu.edu, jlbec@evilplan.org, jaegeuk@kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, alexander.deucher@amd.com, akpm@linux-foundation.org, linux-erofs@lists.ozlabs.org, ocfs2-devel@oss.oracle.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote: > Inject fault while loading module, kset_register() may fail. > If it fails, the name allocated by kobject_set_name() which > is called before kset_register() is leaked, because refcount > of kobject is hold in kset_init(). > > As a kset may be embedded in a larger structure which needs > be freed in release() function or error path in callers, we > can not call kset_put() in kset_register(), or it will cause > double free, so just call kfree_const() to free the name and > set it to NULL. > > With this fix, the callers don't need to care about the name > freeing and call an extra kset_put() if kset_register() fails. > > Suggested-by: Luben Tuikov > Signed-off-by: Yang Yingliang > --- > v1 -> v2: > Free name inside of kset_register() instead of calling kset_put() > in drivers. > --- > lib/kobject.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/kobject.c b/lib/kobject.c > index a0b2dbfcfa23..3409a89c81e5 100644 > --- a/lib/kobject.c > +++ b/lib/kobject.c > @@ -834,6 +834,9 @@ EXPORT_SYMBOL_GPL(kobj_sysfs_ops); > /** > * kset_register() - Initialize and add a kset. > * @k: kset. > + * > + * NOTE: On error, the kset.kobj.name allocated by() kobj_set_name() > + * which is called before kset_register() in caller need be freed. This comment doesn't make any sense anymore. No caller needs to worry about this, right? > */ > int kset_register(struct kset *k) > { > @@ -844,8 +847,11 @@ int kset_register(struct kset *k) > > kset_init(k); > err = kobject_add_internal(&k->kobj); > - if (err) > + if (err) { > + kfree_const(k->kobj.name); > + k->kobj.name = NULL; Why are you setting the name here to NULL? thanks, greg k-h _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 00A13FA3740 for ; Mon, 24 Oct 2022 13:52:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=9j09rZHtERXY9RWv/CBjJ3pxq5ihZZSuniw6csVn8D4=; b=PVRjJKVbtaGlZU CqulssCnF9v2DOBa7QQSTmqScYb2k3KTMbiFKrXkvhsxyQstCsTTQcpVjc5RFBLgIk5P+xJW4RECl K9aYkiUr7KEmosMl/ksBvzzGrH+kcw7jNsZSO9zCgwhpvAFFRJnfl2HShjmgMs0Jym9vERzzRhVuc nm6kHJ/zvevSg7sVwXFw5xomz/YM9AbYTB9dLaO1SDGqOzaEkP+O/tC2hoUnXsv1cXH1am64nuSy0 fL0Jl4taieW5NFj2J644oZ/uqSpcHOefjakUe1bZYm3FWFRR7h+K+Ra5CitW7nW/fid9wsqxPpOl9 2cHqAO3ZybyBx9K9i+NQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1omxsA-001mML-JV; Mon, 24 Oct 2022 13:52:10 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1omxs7-001mLv-F4 for linux-mtd@lists.infradead.org; Mon, 24 Oct 2022 13:52:08 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9A36CB81B73; Mon, 24 Oct 2022 13:52:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1728C433C1; Mon, 24 Oct 2022 13:52:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666619524; bh=QIHnXVxCIGETsd0dywR9WOXQe2R85leBxjgt9psJDlE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2H9OWmUuPXe1nsvDHzMz7pk28v9U01aePXWCqE/PYv8mU+b3XDQLri0CqGVaRsJz jDX3YxQNP/rC/SyUqCZ86yUqxIXbKkp05GDQaItPKZLX+Z/tQqtvt0HtDKDldCwU2Z RC0760eEL3DTVNddcLXXtAu1W45/R1VDk/n+VsGo= Date: Mon, 24 Oct 2022 15:52:56 +0200 From: Greg KH To: Yang Yingliang Cc: linux-kernel@vger.kernel.org, qemu-devel@nongnu.org, linux-f2fs-devel@lists.sourceforge.net, linux-erofs@lists.ozlabs.org, ocfs2-devel@oss.oracle.com, linux-mtd@lists.infradead.org, amd-gfx@lists.freedesktop.org, rafael@kernel.org, somlo@cmu.edu, mst@redhat.com, jaegeuk@kernel.org, chao@kernel.org, hsiangkao@linux.alibaba.com, huangjianan@oppo.com, mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, akpm@linux-foundation.org, alexander.deucher@amd.com, luben.tuikov@amd.com, richard@nod.at, liushixin2@huawei.com Subject: Re: [PATCH v2] kset: fix memory leak when kset_register() returns error Message-ID: References: <20221024121910.1169801-1-yangyingliang@huawei.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20221024121910.1169801-1-yangyingliang@huawei.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221024_065207_677400_A3BBAE9A X-CRM114-Status: GOOD ( 23.02 ) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" Errors-To: linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote: > Inject fault while loading module, kset_register() may fail. > If it fails, the name allocated by kobject_set_name() which > is called before kset_register() is leaked, because refcount > of kobject is hold in kset_init(). > > As a kset may be embedded in a larger structure which needs > be freed in release() function or error path in callers, we > can not call kset_put() in kset_register(), or it will cause > double free, so just call kfree_const() to free the name and > set it to NULL. > > With this fix, the callers don't need to care about the name > freeing and call an extra kset_put() if kset_register() fails. > > Suggested-by: Luben Tuikov > Signed-off-by: Yang Yingliang > --- > v1 -> v2: > Free name inside of kset_register() instead of calling kset_put() > in drivers. > --- > lib/kobject.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/kobject.c b/lib/kobject.c > index a0b2dbfcfa23..3409a89c81e5 100644 > --- a/lib/kobject.c > +++ b/lib/kobject.c > @@ -834,6 +834,9 @@ EXPORT_SYMBOL_GPL(kobj_sysfs_ops); > /** > * kset_register() - Initialize and add a kset. > * @k: kset. > + * > + * NOTE: On error, the kset.kobj.name allocated by() kobj_set_name() > + * which is called before kset_register() in caller need be freed. This comment doesn't make any sense anymore. No caller needs to worry about this, right? > */ > int kset_register(struct kset *k) > { > @@ -844,8 +847,11 @@ int kset_register(struct kset *k) > > kset_init(k); > err = kobject_add_internal(&k->kobj); > - if (err) > + if (err) { > + kfree_const(k->kobj.name); > + k->kobj.name = NULL; Why are you setting the name here to NULL? thanks, greg k-h ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/ From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aib29ajc244.phx1.oracleemaildelivery.com (aib29ajc244.phx1.oracleemaildelivery.com [192.29.103.244]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 20162FA3741 for ; Mon, 24 Oct 2022 13:52:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=oss-phx-1109; d=oss.oracle.com; h=Date:To:From:Subject:Message-Id:MIME-Version:Sender; bh=9kZ5/4RmxMi70ipe0cftnfCVV6rXXDxtOT6cYsafBZo=; b=Vz+kZDHxxGVawON79/zvdyHvrvb0JmPYAlfPSBxkajuOWbaHb3HBMbytCk5cOITKi3gWULE0kTU4 W1DfNMkDJsxbmWoTJ0sfc3q5YqLjorwAhhBFAH/DeWiP2qaE6plYjrlACnQ4/BC6tig7cF/fYtKO ddaqbftXSzRMdIOpIu9chcxnZye6wLhR1dVRgOcJbOvlSMEAw+HOrRLp+v+/RiG2mm1vZyxO++oS xfx1qfOzQSN2LZ6n8V6QzU20FO2wtT/pnByTKrLdxaJRV8NhW+Z+xN587MOH9KbtiD0J/chBdWPB IxzYrWbyLNiADCVIPVteiP3fYXaXdowFBlOlEw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=prod-phx-20191217; d=phx1.rp.oracleemaildelivery.com; h=Date:To:From:Subject:Message-Id:MIME-Version:Sender; bh=9kZ5/4RmxMi70ipe0cftnfCVV6rXXDxtOT6cYsafBZo=; b=DzmxSWspHG653RkvePEEaeuOiWLG0WedndW+3mvpwzVWSpEBdWxWNCGjUaSFExvzOpLzvwRGNWzj NGE2/FLQ06+VOGWMnQMNMl1p7IdSFZ8mOZtjpyMQk8GFizsPoBl+p3l2YpCCFUkG8TU9ujf6h20/ kXCbFqQiBNTkdkR5Bq2k5LWnM5M03cBfVVI6pvKa19Mdrvb2WZ4GywO+4Gd6sOLMrHAm0hcoa9zi GuCLAAphj5iW99A/VMsWjp+x0LTwNQfndipQLj0DZww6KZRBfnGwjOXaiRtKyrqmep+7slkimLYL +92TSehzdSBbcOQNkwXzjAMUNTTrb5LyuYdKAw== Received: by omta-ad1-fd1-101-us-phoenix-1.omtaad1.vcndpphx.oraclevcn.com (Oracle Communications Messaging Server 8.1.0.1.20220914 64bit (built Sep 14 2022)) with ESMTPS id <0RK900GEPFV935B0@omta-ad1-fd1-101-us-phoenix-1.omtaad1.vcndpphx.oraclevcn.com> for ocfs2-devel@archiver.kernel.org; Mon, 24 Oct 2022 13:52:21 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666619524; bh=QIHnXVxCIGETsd0dywR9WOXQe2R85leBxjgt9psJDlE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2H9OWmUuPXe1nsvDHzMz7pk28v9U01aePXWCqE/PYv8mU+b3XDQLri0CqGVaRsJz jDX3YxQNP/rC/SyUqCZ86yUqxIXbKkp05GDQaItPKZLX+Z/tQqtvt0HtDKDldCwU2Z RC0760eEL3DTVNddcLXXtAu1W45/R1VDk/n+VsGo= Date: Mon, 24 Oct 2022 15:52:56 +0200 To: Yang Yingliang Message-id: References: <20221024121910.1169801-1-yangyingliang@huawei.com> MIME-version: 1.0 Content-disposition: inline In-reply-to: <20221024121910.1169801-1-yangyingliang@huawei.com> X-Source-IP: 145.40.68.75 X-Proofpoint-Virus-Version: vendor=nai engine=6500 definitions=10510 signatures=596816 X-Proofpoint-Spam-Details: rule=tap_notspam policy=tap score=0 impostorscore=0 clxscore=200 mlxscore=0 adultscore=0 mlxlogscore=999 bulkscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 spamscore=0 suspectscore=0 priorityscore=628 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210240085 Cc: rafael@kernel.org, qemu-devel@nongnu.org, liushixin2@huawei.com, linux-mtd@lists.infradead.org, huangjianan@oppo.com, richard@nod.at, mst@redhat.com, amd-gfx@lists.freedesktop.org, luben.tuikov@amd.com, hsiangkao@linux.alibaba.com, somlo@cmu.edu, chao@kernel.org, jaegeuk@kernel.org, linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, alexander.deucher@amd.com, linux-erofs@lists.ozlabs.org, ocfs2-devel@oss.oracle.com Subject: Re: [Ocfs2-devel] [PATCH v2] kset: fix memory leak when kset_register() returns error X-BeenThere: ocfs2-devel@oss.oracle.com X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Greg KH via Ocfs2-devel Reply-to: Greg KH Content-type: text/plain; charset="us-ascii" Content-transfer-encoding: 7bit Errors-to: ocfs2-devel-bounces@oss.oracle.com X-ServerName: ams.source.kernel.org X-Proofpoint-SPF-Result: pass X-Proofpoint-SPF-Record: v=spf1 ip4:72.55.140.81 ip4:52.25.139.140 ip4:139.178.84.217 ip6:2604:1380:4641:c500::1 ip4:145.40.68.75 ip6:2604:1380:4601:e00::1 ip4:145.40.73.55 ip6:2604:1380:40e1:4800::1 include:_spf.google.com include:amazonses.com include:_spf.salesforce.com -all X-Spam: Clean X-Proofpoint-GUID: dvzmNm9UQdHXvn3zGXWOBYJYJ7PYPov7 X-Proofpoint-ORIG-GUID: dvzmNm9UQdHXvn3zGXWOBYJYJ7PYPov7 Reporting-Meta: AAFnv5RMUpXhKzmf+p8lmLy5XPBEWJYJNSicruXAhiJX8tCiPaERJoYFkmjIMZrf xcyfLIs4tiF0un5mOchuAK+jrDxLW7ntJeVkPBo3gsWkigAPS0NCvI/zQxP7M82O 9cfXEXhEcl32pHElLsDP/TXVFho1DxqgeAd6jJzx7yqGhycfRbSwaMZNu7rV/lKw w5LDoHcIpufvYp4STB/2jJHEGYEPVVtv+5ceGRWSig4EmJiUMFGh83/+TD2fVH8o xWX/veuvndB5I9Z/igoi2oD7kQ4G7i89pqnfiLEp2v6JygBwxvYsT3g+zWh+wU+X ybjnqKJB0+wxhFJnB1F++hOGvpGUY3i9e8Bxc7ellpLmw2UAKS4tYQSM0Pgo52eL 9paN6CdY5rRweVJu0VYmRkeLwZpFTb/JLmwuotuRYgY43aWGeDQSbEjPC9jR8f3x nVQrdfM2YNjBZzR12nkG0gwOM+xbEH36gfJnLkaSz00MLUKSJQMlUsKS4yBM8RSj 2bMLJ+dUYYSIO9inDcSvuIRSLEWDumi7SbyNsheiw8k= On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote: > Inject fault while loading module, kset_register() may fail. > If it fails, the name allocated by kobject_set_name() which > is called before kset_register() is leaked, because refcount > of kobject is hold in kset_init(). > > As a kset may be embedded in a larger structure which needs > be freed in release() function or error path in callers, we > can not call kset_put() in kset_register(), or it will cause > double free, so just call kfree_const() to free the name and > set it to NULL. > > With this fix, the callers don't need to care about the name > freeing and call an extra kset_put() if kset_register() fails. > > Suggested-by: Luben Tuikov > Signed-off-by: Yang Yingliang > --- > v1 -> v2: > Free name inside of kset_register() instead of calling kset_put() > in drivers. > --- > lib/kobject.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/kobject.c b/lib/kobject.c > index a0b2dbfcfa23..3409a89c81e5 100644 > --- a/lib/kobject.c > +++ b/lib/kobject.c > @@ -834,6 +834,9 @@ EXPORT_SYMBOL_GPL(kobj_sysfs_ops); > /** > * kset_register() - Initialize and add a kset. > * @k: kset. > + * > + * NOTE: On error, the kset.kobj.name allocated by() kobj_set_name() > + * which is called before kset_register() in caller need be freed. This comment doesn't make any sense anymore. No caller needs to worry about this, right? > */ > int kset_register(struct kset *k) > { > @@ -844,8 +847,11 @@ int kset_register(struct kset *k) > > kset_init(k); > err = kobject_add_internal(&k->kobj); > - if (err) > + if (err) { > + kfree_const(k->kobj.name); > + k->kobj.name = NULL; Why are you setting the name here to NULL? thanks, greg k-h _______________________________________________ Ocfs2-devel mailing list Ocfs2-devel@oss.oracle.com https://oss.oracle.com/mailman/listinfo/ocfs2-devel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83FD5FA3741 for ; Mon, 24 Oct 2022 16:46:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234973AbiJXQqE (ORCPT ); Mon, 24 Oct 2022 12:46:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234764AbiJXQor (ORCPT ); Mon, 24 Oct 2022 12:44:47 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DBE4014138A for ; Mon, 24 Oct 2022 08:30:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9C664B81B75 for ; Mon, 24 Oct 2022 13:52:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1728C433C1; Mon, 24 Oct 2022 13:52:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666619524; bh=QIHnXVxCIGETsd0dywR9WOXQe2R85leBxjgt9psJDlE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2H9OWmUuPXe1nsvDHzMz7pk28v9U01aePXWCqE/PYv8mU+b3XDQLri0CqGVaRsJz jDX3YxQNP/rC/SyUqCZ86yUqxIXbKkp05GDQaItPKZLX+Z/tQqtvt0HtDKDldCwU2Z RC0760eEL3DTVNddcLXXtAu1W45/R1VDk/n+VsGo= Date: Mon, 24 Oct 2022 15:52:56 +0200 From: Greg KH To: Yang Yingliang Cc: linux-kernel@vger.kernel.org, qemu-devel@nongnu.org, linux-f2fs-devel@lists.sourceforge.net, linux-erofs@lists.ozlabs.org, ocfs2-devel@oss.oracle.com, linux-mtd@lists.infradead.org, amd-gfx@lists.freedesktop.org, rafael@kernel.org, somlo@cmu.edu, mst@redhat.com, jaegeuk@kernel.org, chao@kernel.org, hsiangkao@linux.alibaba.com, huangjianan@oppo.com, mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, akpm@linux-foundation.org, alexander.deucher@amd.com, luben.tuikov@amd.com, richard@nod.at, liushixin2@huawei.com Subject: Re: [PATCH v2] kset: fix memory leak when kset_register() returns error Message-ID: References: <20221024121910.1169801-1-yangyingliang@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221024121910.1169801-1-yangyingliang@huawei.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 24, 2022 at 08:19:10PM +0800, Yang Yingliang wrote: > Inject fault while loading module, kset_register() may fail. > If it fails, the name allocated by kobject_set_name() which > is called before kset_register() is leaked, because refcount > of kobject is hold in kset_init(). > > As a kset may be embedded in a larger structure which needs > be freed in release() function or error path in callers, we > can not call kset_put() in kset_register(), or it will cause > double free, so just call kfree_const() to free the name and > set it to NULL. > > With this fix, the callers don't need to care about the name > freeing and call an extra kset_put() if kset_register() fails. > > Suggested-by: Luben Tuikov > Signed-off-by: Yang Yingliang > --- > v1 -> v2: > Free name inside of kset_register() instead of calling kset_put() > in drivers. > --- > lib/kobject.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/kobject.c b/lib/kobject.c > index a0b2dbfcfa23..3409a89c81e5 100644 > --- a/lib/kobject.c > +++ b/lib/kobject.c > @@ -834,6 +834,9 @@ EXPORT_SYMBOL_GPL(kobj_sysfs_ops); > /** > * kset_register() - Initialize and add a kset. > * @k: kset. > + * > + * NOTE: On error, the kset.kobj.name allocated by() kobj_set_name() > + * which is called before kset_register() in caller need be freed. This comment doesn't make any sense anymore. No caller needs to worry about this, right? > */ > int kset_register(struct kset *k) > { > @@ -844,8 +847,11 @@ int kset_register(struct kset *k) > > kset_init(k); > err = kobject_add_internal(&k->kobj); > - if (err) > + if (err) { > + kfree_const(k->kobj.name); > + k->kobj.name = NULL; Why are you setting the name here to NULL? thanks, greg k-h