msm-4.14

mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00

History

Wang Hai 5f68457ed1 mm/slub: fix a memory leak in sysfs_slab_add()

commit dde3c6b72a16c2db826f54b2d49bdea26c3534a2 upstream.

syzkaller reports for memory leak when kobject_init_and_add() returns an
error in the function sysfs_slab_add() [1]

When this happened, the function kobject_put() is not called for the
corresponding kobject, which potentially leads to memory leak.

This patch fixes the issue by calling kobject_put() even if
kobject_init_and_add() fails.

[1]
  BUG: memory leak
  unreferenced object 0xffff8880a6d4be88 (size 8):
  comm "syz-executor.3", pid 946, jiffies 4295772514 (age 18.396s)
  hex dump (first 8 bytes):
    70 69 64 5f 33 00 ff ff                          pid_3...
  backtrace:
     kstrdup+0x35/0x70 mm/util.c:60
     kstrdup_const+0x3d/0x50 mm/util.c:82
     kvasprintf_const+0x112/0x170 lib/kasprintf.c:48
     kobject_set_name_vargs+0x55/0x130 lib/kobject.c:289
     kobject_add_varg lib/kobject.c:384 [inline]
     kobject_init_and_add+0xd8/0x170 lib/kobject.c:473
     sysfs_slab_add+0x1d8/0x290 mm/slub.c:5811
     __kmem_cache_create+0x50a/0x570 mm/slub.c:4384
     create_cache+0x113/0x1e0 mm/slab_common.c:407
     kmem_cache_create_usercopy+0x1a1/0x260 mm/slab_common.c:505
     kmem_cache_create+0xd/0x10 mm/slab_common.c:564
     create_pid_cachep kernel/pid_namespace.c:54 [inline]
     create_pid_namespace kernel/pid_namespace.c:96 [inline]
     copy_pid_ns+0x77c/0x8f0 kernel/pid_namespace.c:148
     create_new_namespaces+0x26b/0xa30 kernel/nsproxy.c:95
     unshare_nsproxy_namespaces+0xa7/0x1e0 kernel/nsproxy.c:229
     ksys_unshare+0x3d2/0x770 kernel/fork.c:2969
     __do_sys_unshare kernel/fork.c:3037 [inline]
     __se_sys_unshare kernel/fork.c:3035 [inline]
     __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3035
     do_syscall_64+0xa1/0x530 arch/x86/entry/common.c:295

Fixes: 80da026a8e5d ("mm/slub: fix slab double-free in case of duplicate sysfs filename")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Link: http://lkml.kernel.org/r/20200602115033.1054-1-wanghai38@huawei.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2020-06-20 10:25:05 +02:00

kasan

kasan: fix shadow_size calculation error in kasan_module_alloc

2018-08-24 13:09:12 +02:00

backing-dev.c

writeback: synchronize sync(2) against cgroup writeback membership switches

2019-03-05 17:58:01 +01:00

balloon_compaction.c

virtio_balloon: fix deadlock on OOM

2018-10-13 09:27:30 +02:00

bootmem.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

cleancache.c

fs: switch ->s_uuid to uuid_t

2017-06-05 16:59:12 +02:00

cma_debug.c

mm/cma_debug.c: fix the break condition in cma_maxchunk_get()

2019-06-15 11:54:51 +02:00

cma.c

mm/cma.c: fail if fixed declaration can't be honored

2019-08-06 19:05:23 +02:00

cma.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

compaction.c

mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone

2019-10-05 12:48:13 +02:00

debug_page_ref.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

debug.c

mm: get rid of vmacache_flush_all() entirely

2018-09-19 22:43:48 +02:00

dmapool.c

…

early_ioremap.c

mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep

2018-02-25 11:08:03 +01:00

fadvise.c

mm/fadvise.c: fix signed overflow UBSAN complaint

2018-09-15 09:45:28 +02:00

failslab.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

filemap.c

mm/filemap.c: don't initiate writeback if mapping has no dirty pages

2019-11-12 19:18:46 +01:00

frame_vector.c

mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'

2018-03-03 10:24:21 +01:00

frontswap.c

…

gup.c

mm/gup.c: remove some BUG_ONs from get_gate_page()

2019-07-31 07:28:56 +02:00

highmem.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

hmm.c

mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL

2019-01-13 10:01:02 +01:00

huge_memory.c

mm, thp: fix defrag setting if newline is not used

2020-03-11 18:02:55 +01:00

hugetlb_cgroup.c

mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()

2019-11-20 17:59:33 +01:00

hugetlb.c

mm/hugetlb: fix a addressing exception caused by huge_pte_offset

2020-05-02 17:24:21 +02:00

hwpoison-inject.c

mm: hwpoison: call shake_page() unconditionally

2017-05-03 15:52:12 -07:00

init-mm.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

internal.h

vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n

2019-12-05 15:37:51 +01:00

interval_tree.c

lib/interval_tree: fast overlap detection

2017-09-08 18:26:49 -07:00

Kconfig

mm/hmm: select mmu notifier when selecting HMM

2019-06-15 11:54:51 +02:00

Kconfig.debug

kmemcheck: rip it out

2018-02-22 15:42:24 +01:00

khugepaged.c

coredump: fix race condition between collapse_huge_page() and core dumping

2019-06-22 08:16:19 +02:00

kmemleak-test.c

…

kmemleak.c

mm/kmemleak.c: fix check for softirq context

2019-07-31 07:28:55 +02:00

ksm.c

mm/ksm: fix NULL pointer dereference when KSM zero page is enabled

2020-05-02 17:24:22 +02:00

list_lru.c

mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node

2019-06-19 08:20:54 +02:00

maccess.c

…

madvise.c

mm: madvise(MADV_DODUMP): allow hugetlbfs pages

2018-10-10 08:54:22 +02:00

Makefile

kmemcheck: rip it out

2018-02-22 15:42:24 +01:00

memblock.c

Revert "mm: page_alloc: skip over regions of invalid pfns where possible"

2018-03-28 18:24:39 +02:00

memcontrol.c

memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event

2020-04-02 16:34:19 +02:00

memory_hotplug.c

mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span()

2019-12-01 09:14:18 +01:00

memory-failure.c

mm: hwpoison: fix thp split handing in soft_offline_in_use_page()

2019-03-23 14:35:24 +01:00

memory.c

mm/memory.c: fix modifying of page protection by insert_pfn()

2019-05-16 19:42:31 +02:00

mempolicy.c

mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

2020-04-13 10:34:28 +02:00

mempool.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

memtest.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

migrate.c

mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate

2019-04-03 06:25:20 +02:00

mincore.c

mm/mincore.c: make mincore() more conservative

2019-05-21 18:50:16 +02:00

mlock.c

mm/mlock.c: change count_mm_mlocked_page_nr return type

2019-07-10 09:54:36 +02:00

mm_init.c

…

mmap.c

arm64: Revert support for execute-only user mappings

2020-01-09 10:17:56 +01:00

mmu_context.c

…

mmu_notifier.c

mm/mmu_notifier: use hlist_add_head_rcu()

2019-07-31 07:28:56 +02:00

mmzone.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

mprotect.c

mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa

2020-03-11 18:03:02 +01:00

mremap.c

mm: Fix mremap not considering huge pmd devmap

2020-06-11 09:22:57 +02:00

msync.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

nobootmem.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

nommu.c

x86/mm: split vmalloc_sync_all()

2020-04-02 16:34:20 +02:00

oom_kill.c

memcg, oom: don't require __GFP_FS when invoking memcg OOM killer

2019-10-05 12:48:09 +02:00

page_alloc.c

mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()

2020-05-20 08:16:58 +02:00

page_counter.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

page_ext.c

mm/page_ext.c: fix an imbalance with kmemleak

2019-04-05 22:31:27 +02:00

page_idle.c

mm/page_idle.c: fix oops because end_pfn is larger than max_pfn

2019-07-03 13:15:59 +02:00

page_io.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

page_isolation.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

page_owner.c

mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo

2019-10-29 09:17:39 +01:00

page_poison.c

page_poison: play nicely with KASAN

2019-04-05 22:31:28 +02:00

page_vma_mapped.c

mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly

2018-11-13 11:15:08 -08:00

page-writeback.c

mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()

2020-01-23 08:20:32 +01:00

pagewalk.c

mm/pagewalk.c: report holes in hugetlb ranges

2017-11-24 08:37:04 +01:00

percpu-internal.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

percpu-km.c

percpu: convert spin_lock_irq to spin_lock_irqsave.

2019-02-12 19:46:05 +01:00

percpu-stats.c

percpu: fix starting offset for chunk statistics traversal

2017-09-27 14:45:57 -07:00

percpu-vm.c

percpu: add __GFP_NORETRY semantics to the percpu balancing path

2018-04-08 14:26:29 +02:00

percpu.c

percpu: do not search past bitmap when allocating an area

2019-06-15 11:54:59 +02:00

pgtable-generic.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

process_vm_access.c

…

quicklist.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

readahead.c

readahead: stricter check for bdi io_pages

2018-09-09 19:55:53 +02:00

rmap.c

mm: migration: fix migration of huge PMD shared pages

2018-10-13 09:27:22 +02:00

rodata_test.c

mm: fix RODATA_TEST failure "rodata_test: test data was not read only"

2017-10-03 17:54:24 -07:00

shmem.c

shmem: fix possible deadlocks on shmlock_user_lock

2020-05-20 08:17:04 +02:00

slab_common.c

mm: don't warn about large allocations for slab

2018-12-01 09:42:51 +01:00

slab.c

mm/slab.c: fix an infinite loop in leaks_show()

2019-06-15 11:54:51 +02:00

slab.h

kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK

2018-02-22 15:42:23 +01:00

slob.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

slub.c

mm/slub: fix a memory leak in sysfs_slab_add()

2020-06-20 10:25:05 +02:00

sparse-vmemmap.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

sparse.c

mm: sections are not offlined during memory hotremove

2018-05-16 10:10:27 +02:00

swap_cgroup.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

swap_slots.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

swap_state.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

swap.c

mm: avoid marking swap cached page as lazyfree

2017-10-03 17:54:24 -07:00

swapfile.c

mm/swap: use nr_node_ids for avail_lists in swap_info_struct

2019-01-26 09:37:06 +01:00

truncate.c

mm: cleancache: fix corruption on missed inode invalidation

2018-12-08 13:03:40 +01:00

usercopy.c

usercopy: Avoid HIGHMEM pfn warning

2019-10-11 18:18:34 +02:00

userfaultfd.c

hugetlb: use same fault hash key for shared and private mappings

2019-05-31 06:47:12 -07:00

util.c

mm: add kvfree_sensitive() for freeing sensitive data objects

2020-06-20 10:24:59 +02:00

vmacache.c

mm: get rid of vmacache_flush_all() entirely

2018-09-19 22:43:48 +02:00

vmalloc.c

mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()

2020-06-03 08:18:11 +02:00

vmpressure.c

mm, vmpressure: pass-through notification support

2017-07-10 16:32:31 -07:00

vmscan.c

mm/vmscan.c: don't round up scan size for online memory cgroup

2020-02-28 16:36:12 +01:00

vmstat.c

mm/vmstat.c: fix NUMA statistics updates

2019-12-17 20:37:57 +01:00

workingset.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

z3fold.c

z3fold: fix possible reclaim races

2018-12-01 09:42:54 +01:00

zbud.c

…

zpool.c

…

zsmalloc.c

mm/zsmalloc.c: fix the migrated zspage statistics.

2020-01-09 10:17:54 +01:00

zswap.c

zswap: re-check zswap_is_full() after do zswap_shrink()

2018-09-05 09:26:30 +02:00