mm/slub: fix slab double-free in case of duplicate sysfs filename
sysfs_slab_add() shouldn't call kobject_put at error path: this puts last reference of kmem-cache kobject and frees it. Kmem cache will be freed second time at error path in kmem_cache_create(). For example this happens when slub debug was enabled in runtime and somebody creates new kmem cache: # echo 1 | tee /sys/kernel/slab/*/sanity_checks # modprobe configfs "configfs_dir_cache" cannot be merged because existing slab have debug and cannot create new slab because unique name ":t-0000096" already taken. Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Acked-by: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@kernel.org> Acked-by: David Rientjes <rientjes@google.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
588f8ba913
commit
80da026a8e
|
@ -5283,7 +5283,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
|
|||
s->kobj.kset = cache_kset(s);
|
||||
err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
|
||||
if (err)
|
||||
goto out_put_kobj;
|
||||
goto out;
|
||||
|
||||
err = sysfs_create_group(&s->kobj, &slab_attr_group);
|
||||
if (err)
|
||||
|
@ -5310,8 +5310,6 @@ static int sysfs_slab_add(struct kmem_cache *s)
|
|||
return err;
|
||||
out_del_kobj:
|
||||
kobject_del(&s->kobj);
|
||||
out_put_kobj:
|
||||
kobject_put(&s->kobj);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue