lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YFuXzC1cKqJzhwA4@google.com>
Date:   Wed, 24 Mar 2021 12:49:32 -0700
From:   Minchan Kim <minchan@...nel.org>
To:     Dmitry Osipenko <digetx@...il.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        linux-mm <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>, gregkh@...uxfoundation.org,
        surenb@...gle.com, joaodias@...gle.com, jhubbard@...dia.com,
        willy@...radead.org
Subject: Re: [PATCH] mm: cma: fix corruption cma_sysfs_alloc_pages_count

On Wed, Mar 24, 2021 at 10:43:49PM +0300, Dmitry Osipenko wrote:
> 24.03.2021 22:20, Minchan Kim пишет:
> >  static int __init cma_sysfs_init(void)
> >  {
> > -	int i = 0;
> > +	struct kobject *cma_kobj_root;
> > +	struct cma_kobject *cma_kobj;
> >  	struct cma *cma;
> > +	unsigned int i;
> 
> >  	while (--i >= 0) {
> 
> Do you realize that this doesn't work anymore?
> 
> >  		cma = &cma_areas[i];
> > -		kobject_put(&cma->stat->kobj);
> > -	}
> >  
> > -	kfree(cma_stats);
> > -	kobject_put(cma_kobj);
> > +		kobject_put(&cma->cma_kobj->kobj);
> > +		kfree(cma->cma_kobj);
> 
> Freeing a null pointer?

Need coffee.
 
diff --git a/mm/cma_sysfs.c b/mm/cma_sysfs.c
index a670a80aad6f..73463be08df7 100644
--- a/mm/cma_sysfs.c
+++ b/mm/cma_sysfs.c
@@ -79,8 +79,7 @@ static int __init cma_sysfs_init(void)
        struct kobject *cma_kobj_root;
        struct cma_kobject *cma_kobj;
        struct cma *cma;
-       unsigned int i;
-       int err;
+       int i, err;

        cma_kobj_root = kobject_create_and_add("cma", mm_kobj);
        if (!cma_kobj_root)
@@ -108,10 +107,7 @@ static int __init cma_sysfs_init(void)
 out:
        while (--i >= 0) {
                cma = &cma_areas[i];
-
                kobject_put(&cma->cma_kobj->kobj);
-               kfree(cma->cma_kobj);
-               cma->cma_kobj = NULL;
        }
        kobject_put(cma_kobj_root);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ