| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Mar 2021 12:49:32 -0700
From: Minchan Kim <minchan@...nel.org>
To: Dmitry Osipenko <digetx@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
linux-mm <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>, gregkh@...uxfoundation.org,
surenb@...gle.com, joaodias@...gle.com, jhubbard@...dia.com,
willy@...radead.org
Subject: Re: [PATCH] mm: cma: fix corruption cma_sysfs_alloc_pages_count
On Wed, Mar 24, 2021 at 10:43:49PM +0300, Dmitry Osipenko wrote:
> 24.03.2021 22:20, Minchan Kim пишет:
> > static int __init cma_sysfs_init(void)
> > {
> > - int i = 0;
> > + struct kobject *cma_kobj_root;
> > + struct cma_kobject *cma_kobj;
> > struct cma *cma;
> > + unsigned int i;
>
> > while (--i >= 0) {
>
> Do you realize that this doesn't work anymore?
>
> > cma = &cma_areas[i];
> > - kobject_put(&cma->stat->kobj);
> > - }
> >
> > - kfree(cma_stats);
> > - kobject_put(cma_kobj);
> > + kobject_put(&cma->cma_kobj->kobj);
> > + kfree(cma->cma_kobj);
>
> Freeing a null pointer?
Need coffee.
diff --git a/mm/cma_sysfs.c b/mm/cma_sysfs.c
index a670a80aad6f..73463be08df7 100644
--- a/mm/cma_sysfs.c
+++ b/mm/cma_sysfs.c
@@ -79,8 +79,7 @@ static int __init cma_sysfs_init(void)
struct kobject *cma_kobj_root;
struct cma_kobject *cma_kobj;
struct cma *cma;
- unsigned int i;
- int err;
+ int i, err;
cma_kobj_root = kobject_create_and_add("cma", mm_kobj);
if (!cma_kobj_root)
@@ -108,10 +107,7 @@ static int __init cma_sysfs_init(void)
out:
while (--i >= 0) {
cma = &cma_areas[i];
-
kobject_put(&cma->cma_kobj->kobj);
- kfree(cma->cma_kobj);
- cma->cma_kobj = NULL;
}
kobject_put(cma_kobj_root);
Powered by blists - more mailing lists