From patchwork Mon Oct 18 22:15:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 12568193 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9CA60C4332F for ; Mon, 18 Oct 2021 22:15:55 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 4271D6115A for ; Mon, 18 Oct 2021 22:15:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4271D6115A Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id DC2AD900002; Mon, 18 Oct 2021 18:15:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D4C00940007; Mon, 18 Oct 2021 18:15:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C14D6900006; Mon, 18 Oct 2021 18:15:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0056.hostedemail.com [216.40.44.56]) by kanga.kvack.org (Postfix) with ESMTP id B1C12900002 for ; Mon, 18 Oct 2021 18:15:54 -0400 (EDT) Received: from smtpin37.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 76A63181AEF0B for ; Mon, 18 Oct 2021 22:15:54 +0000 (UTC) X-FDA: 78710966628.37.A9268A2 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf09.hostedemail.com (Postfix) with ESMTP id 966C33000100 for ; Mon, 18 Oct 2021 22:15:52 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id E7349610FB; Mon, 18 Oct 2021 22:15:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1634595353; bh=U0Actcc/OSh9cQh2yHQNzWE9Mg940651b9NgdX1qHss=; h=Date:From:To:Subject:In-Reply-To:From; b=zJOpAmT44JuMJ3erkV5blFnpiD6yVVfQRRTiadnsZbEDPiuwl/nGrSZx274W4lLAi gNrwmT79y2NW+FRqyV+HPsywhwzhVu00iPMzt8kO0Hifj7eaca8fxuuRWsWLd3mQjc X9/AabEHdn2oKxjPWpt9wZfMAsQOOGvvaxARsBho= Date: Mon, 18 Oct 2021 15:15:52 -0700 From: Andrew Morton To: akpm@linux-foundation.org, andreyknvl@gmail.com, bharata@linux.ibm.com, cl@linux.com, faiyazm@codeaurora.org, gregkh@linuxfoundation.org, guro@fb.com, iamjoonsoo.kim@lge.com, keescook@chromium.org, linmiaohe@huawei.com, linux-mm@kvack.org, mm-commits@vger.kernel.org, penberg@kernel.org, rientjes@google.com, ryabinin.a.a@gmail.com, stable@vger.kernel.org, torvalds@linux-foundation.org, vbabka@suse.cz Subject: [patch 10/19] mm, slub: fix two bugs in slab_debug_trace_open() Message-ID: <20211018221552.EuQq8HNNO%akpm@linux-foundation.org> In-Reply-To: <20211018151438.f2246e2656c041b6753a8bdd@linux-foundation.org> User-Agent: s-nail v14.8.16 X-Rspamd-Queue-Id: 966C33000100 Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=zJOpAmT4; spf=pass (imf09.hostedemail.com: domain of akpm@linux-foundation.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none X-Stat-Signature: 3gmnrx77xq88zfp549pezq3qtuzcpx16 X-Rspamd-Server: rspam05 X-HE-Tag: 1634595352-515536 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Miaohe Lin Subject: mm, slub: fix two bugs in slab_debug_trace_open() Patch series "Fixups for slub". This series contains various bug fixes for slub. We fix memoryleak, use-afer-free, NULL pointer dereferencing and so on in slub. More details can be found in the respective changelogs. This patch (of 5): It's possible that __seq_open_private() will return NULL. So we should check it before using lest dereferencing NULL pointer. And in error paths, we forgot to release private buffer via seq_release_private(). Memory will leak in these paths. Link: https://lkml.kernel.org/r/20210916123920.48704-1-linmiaohe@huawei.com Link: https://lkml.kernel.org/r/20210916123920.48704-2-linmiaohe@huawei.com Fixes: 64dd68497be7 ("mm: slub: move sysfs slab alloc/free interfaces to debugfs") Signed-off-by: Miaohe Lin Reviewed-by: Vlastimil Babka Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Greg Kroah-Hartman Cc: Faiyaz Mohammed Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Kees Cook Cc: Bharata B Rao Cc: Roman Gushchin Cc: Signed-off-by: Andrew Morton --- mm/slub.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/mm/slub.c~mm-slub-fix-two-bugs-in-slab_debug_trace_open +++ a/mm/slub.c @@ -6108,9 +6108,14 @@ static int slab_debug_trace_open(struct struct kmem_cache *s = file_inode(filep)->i_private; unsigned long *obj_map; + if (!t) + return -ENOMEM; + obj_map = bitmap_alloc(oo_objects(s->oo), GFP_KERNEL); - if (!obj_map) + if (!obj_map) { + seq_release_private(inode, filep); return -ENOMEM; + } if (strcmp(filep->f_path.dentry->d_name.name, "alloc_traces") == 0) alloc = TRACK_ALLOC; @@ -6119,6 +6124,7 @@ static int slab_debug_trace_open(struct if (!alloc_loc_track(t, PAGE_SIZE / sizeof(struct location), GFP_KERNEL)) { bitmap_free(obj_map); + seq_release_private(inode, filep); return -ENOMEM; }