superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/fs
History
Chen Zhongjin c72eb6e6e4 configfs: fix possible memory leak in configfs_create_dir() 
[ Upstream commit c65234b283 ]

kmemleak reported memory leaks in configfs_create_dir():

unreferenced object 0xffff888009f6af00 (size 192):
  comm "modprobe", pid 3777, jiffies 4295537735 (age 233.784s)
  backtrace:
    kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273)
    new_fragment (./include/linux/slab.h:600 fs/configfs/dir.c:163)
    configfs_register_subsystem (fs/configfs/dir.c:1857)
    basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic
    do_one_initcall (init/main.c:1296)
    do_init_module (kernel/module/main.c:2455)
    ...

unreferenced object 0xffff888003ba7180 (size 96):
  comm "modprobe", pid 3777, jiffies 4295537735 (age 233.784s)
  backtrace:
    kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273)
    configfs_new_dirent (./include/linux/slab.h:723 fs/configfs/dir.c:194)
    configfs_make_dirent (fs/configfs/dir.c:248)
    configfs_create_dir (fs/configfs/dir.c:296)
    configfs_attach_group.isra.28 (fs/configfs/dir.c:816 fs/configfs/dir.c:852)
    configfs_register_subsystem (fs/configfs/dir.c:1881)
    basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic
    do_one_initcall (init/main.c:1296)
    do_init_module (kernel/module/main.c:2455)
    ...

This is because the refcount is not correct in configfs_make_dirent().
For normal stage, the refcount is changing as:

configfs_register_subsystem()
  configfs_create_dir()
    configfs_make_dirent()
      configfs_new_dirent() # set s_count = 1
      dentry->d_fsdata = configfs_get(sd); # s_count = 2
...
configfs_unregister_subsystem()
  configfs_remove_dir()
    remove_dir()
      configfs_remove_dirent() # s_count = 1
    dput() ...
      *dentry_unlink_inode()*
        configfs_d_iput() # s_count = 0, release

However, if we failed in configfs_create():

configfs_register_subsystem()
  configfs_create_dir()
    configfs_make_dirent() # s_count = 2
    ...
    configfs_create() # fail
    ->out_remove:
    configfs_remove_dirent(dentry)
      configfs_put(sd) # s_count = 1
      return PTR_ERR(inode);

There is no inode in the error path, so the configfs_d_iput() is lost
and makes sd and fragment memory leaked.

To fix this, when we failed in configfs_create(), manually call
configfs_put(sd) to keep the refcount correct.

Fixes: 7063fbf226 ("[PATCH] configfs: User-driven configuration filesystem")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-12-31 13:32:22 +01:00
..
9p
adfs
affs affs: move from strlcpy with unused retval to strscpy 2022-08-19 13:03:10 +02:00
afs afs: Fix server->active leak in afs_put_server 2022-11-30 10:02:37 -08:00
autofs autofs: remove unused ino field inode 2022-07-17 17:31:42 -07:00
befs befs: Convert befs_symlink_read_folio() to use a folio 2022-08-02 12:34:03 -04:00
bfs
btrfs for-6.1-rc6-tag 2022-11-25 13:24:05 -08:00
cachefiles cachefiles: use vfs_tmpfile_open() helper 2022-09-24 07:00:00 +02:00
ceph ceph: fix NULL pointer dereference for req->r_session 2022-11-14 10:29:05 +01:00
cifs cifs: fix oops during encryption 2022-12-21 17:48:11 +01:00
coda coda: Convert coda_symlink_filler() to use a folio 2022-08-02 12:34:03 -04:00
configfs configfs: fix possible memory leak in configfs_create_dir() 2022-12-31 13:32:22 +01:00
cramfs cramfs: read_mapping_page() is synchronous 2022-08-02 12:34:02 -04:00
crypto fscrypt: fix keyring memory leak on mount failure 2022-10-19 20:54:43 -07:00
debugfs debugfs: fix error when writing negative value to atomic_t debugfs file 2022-12-31 13:31:58 +01:00
devpts
dlm Networking changes for 6.1. 2022-10-04 13:38:03 -07:00
ecryptfs whack-a-mole: constifying struct path * 2022-10-06 17:31:02 -07:00
efivarfs efi: efivars: Fix variable writes without query_variable_store() 2022-10-21 11:09:40 +02:00
efs
erofs erofs: validate the extent length for uncompressed pclusters 2022-12-31 13:31:59 +01:00
exfat treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
exportfs Change calling conventions for filldir_t 2022-08-17 17:25:04 -04:00
ext2 treewide: use prandom_u32_max() when possible, part 2 2022-10-11 17:42:58 -06:00
ext4 ext4: fix use-after-free in ext4_ext_shift_extents 2022-11-07 12:53:43 -05:00
f2fs Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
fat treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
freevxfs freevxfs: Convert vxfs_immed_read_folio() to use a folio 2022-08-02 12:34:03 -04:00
fscache fscache: Fix oops due to race with cookie_lru and use_cookie 2022-12-07 11:49:18 -08:00
fuse fuse: lock inode unconditionally in fuse_fallocate() 2022-11-23 09:10:42 +01:00
gfs2 gfs2 debugfs improvements 2022-10-10 20:13:22 -07:00
hfs hfs: Fix OOB Write in hfs_asc2mac 2022-12-31 13:32:00 +01:00
hfsplus hfsplus: convert kmap() to kmap_local_page() in btree.c 2022-09-11 21:55:05 -07:00
hostfs hostfs: move from strlcpy with unused retval to strscpy 2022-09-19 22:46:25 +02:00
hpfs
hugetlbfs hugetlbfs: don't delete error page from pagecache 2022-11-08 15:57:22 -08:00
iomap iomap: add a tracepoint for mappings returned by map_blocks 2022-10-02 11:42:19 -07:00
isofs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
jbd2 - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
jffs2 mtd: always initialize 'stats' in struct mtd_oob_ops 2022-09-21 10:38:07 +02:00
jfs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
kernfs kernfs: Fix spurious lockdep warning in kernfs_find_and_get_node_by_id() 2022-11-10 19:03:42 +01:00
ksmbd vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
lockd lockd: set other missing fields when unlocking files 2022-12-31 13:32:00 +01:00
minix vfs: open inside ->tmpfile() 2022-09-24 07:00:00 +02:00
netfs netfs: Fix dodgy maths 2022-11-15 16:56:07 +00:00
nfs NFS: Fix an Oops in nfs_d_automount() 2022-12-31 13:32:18 +01:00
nfs_common
nfsd NFSD: pass range end to vfs_fsync_range() instead of count 2022-12-31 13:32:00 +01:00
nilfs2 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() 2022-11-30 14:49:40 -08:00
nls
notify Merge tag 'fsnotify-for_v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2022-10-07 08:28:50 -07:00
ntfs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
ntfs3 treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
ocfs2 ocfs2: fix memory leak in ocfs2_mount_volume() 2022-12-31 13:31:58 +01:00
omfs
openpromfs
orangefs Orangefs: change iterate to iterate_shared 2022-10-13 09:56:14 -07:00
overlayfs ovl: remove privs in ovl_fallocate() 2022-12-31 13:31:54 +01:00
proc proc/meminfo: fix spacing in SecPageTables 2022-11-22 18:50:44 -08:00
pstore pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP 2022-12-31 13:31:54 +01:00
qnx4
qnx6 fs/qnx6: delete unnecessary checks before brelse() 2022-09-11 21:55:07 -07:00
quota quota: Add more checking after reading from quota file 2022-09-29 15:37:30 +02:00
ramfs tmpfile API change 2022-10-10 19:45:17 -07:00
reiserfs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
romfs
smbfs_common smb3: define missing create contexts 2022-10-05 01:55:27 -05:00
squashfs squashfs: fix buffer release race condition in readahead code 2022-10-28 13:37:21 -07:00
sysfs
sysv fs: sysv: Fix sysv_nblocks() returns wrong value 2022-12-31 13:32:00 +01:00
tracefs tracefs: Only clobber mode/uid/gid on remount if asked 2022-09-08 17:10:54 -04:00
ubifs Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
udf udf: Fix extending file within last block 2022-12-21 17:48:06 +01:00
ufs ufs: replace ll_rw_block() 2022-09-11 20:26:07 -07:00
unicode
vboxsf
verity for-6.1-tag 2022-10-06 17:36:48 -07:00
xfs xfs: rename XFS_REFC_COW_START to _COWFLAG 2022-10-31 08:58:22 -07:00
zonefs zonefs: Fix active zone accounting 2022-11-25 17:01:22 +09:00
Kconfig hugetlb: make hugetlb depends on SYSFS or SYSCTL 2022-09-11 20:26:10 -07:00
Kconfig.binfmt Xtensa updates for v6.1 2022-10-10 14:21:11 -07:00
Makefile a.out: Remove the a.out implementation 2022-09-27 07:11:02 -07:00
aio.c aio: use atomic_try_cmpxchg in __get_reqs_available 2022-09-11 21:55:08 -07:00
anon_inodes.c dynamic_dname(): drop unused dentry argument 2022-08-20 11:34:04 -04:00
attr.c vfs: Check the truncate maximum size in inode_newsize_ok() 2022-08-08 10:39:29 -07:00
bad_inode.c vfs: open inside ->tmpfile() 2022-09-24 07:00:00 +02:00
binfmt_elf.c fs/binfmt_elf: Fix memory leak in load_elf_binary() 2022-10-25 15:11:21 -07:00
binfmt_elf_fdpic.c
binfmt_elf_test.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
buffer.c - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
char_dev.c
compat_binfmt_elf.c
coredump.c - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
d_path.c d_path.c: typo fix... 2022-08-20 11:34:33 -04:00
dax.c Merge branch 'for-6.0/dax' into libnvdimm-fixes 2022-09-24 18:14:12 -07:00
dcache.c tmpfile API change 2022-10-10 19:45:17 -07:00
direct-io.c block: remove PSI accounting from the bio layer 2022-09-20 08:24:38 -06:00
drop_caches.c
eventfd.c eventfd: guard wake_up in eventfd fs calls as well 2022-09-21 10:30:42 -06:00
eventpoll.c epoll: use try_cmpxchg in list_add_tail_lockless 2022-09-11 21:55:07 -07:00
exec.c 23 hotfixes. 2022-10-29 17:49:33 -07:00
fcntl.c
fhandle.c do_sys_name_to_handle(): constify path 2022-09-01 17:36:39 -04:00
file.c fs: use acquire ordering in __fget_light() 2022-10-31 15:30:11 -04:00
file_table.c locks: fix TOCTOU race when granting write lease 2022-08-16 10:59:54 -04:00
filesystems.c
fs-writeback.c fs: do not update freeing inode i_io_list 2022-11-22 17:00:00 -05:00
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c saner inode_init_always() 2022-10-06 16:49:00 -07:00
internal.h whack-a-mole: constifying struct path * 2022-10-06 17:31:02 -07:00
ioctl.c
kernel_read_file.c
libfs.c libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value 2022-12-31 13:31:58 +01:00
locks.c locks: Fix dropped call to ->fl_release_private() 2022-08-17 15:08:58 -04:00
mbcache.c mbcache: Avoid nesting of cache->c_list_lock under bit locks 2022-09-30 23:46:52 -04:00
mount.h
mpage.c Folio changes for 6.0 2022-08-03 10:35:43 -07:00
namei.c vfs: vfs_tmpfile: ensure O_EXCL flag is enforced 2022-11-19 02:22:11 -05:00
namespace.c fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts 2022-08-17 11:27:11 +02:00
no-block.c
nsfs.c dynamic_dname(): drop unused dentry argument 2022-08-20 11:34:04 -04:00
open.c struct file-related stuff 2022-10-06 17:13:18 -07:00
pipe.c dynamic_dname(): drop unused dentry argument 2022-08-20 11:34:04 -04:00
pnode.c
pnode.h
posix_acl.c - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
proc_namespace.c
read_write.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-11-25 00:52:28 -05:00
readdir.c Change calling conventions for filldir_t 2022-08-17 17:25:04 -04:00
remap_range.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
select.c
seq_file.c
signalfd.c
splice.c iter_to_pipe(): switch to advancing variant of iov_iter_get_pages() 2022-08-08 22:37:23 -04:00
stack.c
stat.c vfs: support STATX_DIOALIGN on block devices 2022-09-11 19:47:12 -05:00
statfs.c
super.c fscrypt: fix keyring memory leak on mount failure 2022-10-19 20:54:43 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister() 2022-11-07 12:58:26 -08:00
utimes.c
xattr.c fs: don't audit the capability check in simple_xattr_list() 2022-12-31 13:31:55 +01:00