Re: [PATCH] mm: cma: fix corruption cma_sysfs_alloc_pages_count

From: Minchan Kim <minchan@kernel.org>
To: Dmitry Osipenko <digetx@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-mm <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	gregkh@linuxfoundation.org, surenb@google.com,
	joaodias@google.com, jhubbard@nvidia.com, willy@infradead.org
Subject: Re: [PATCH] mm: cma: fix corruption cma_sysfs_alloc_pages_count
Date: Wed, 24 Mar 2021 12:49:32 -0700	[thread overview]
Message-ID: <YFuXzC1cKqJzhwA4@google.com> (raw)
In-Reply-To: <18ee5c3e-fba2-0d8d-bd93-5fb8d0dd7a01@gmail.com>

On Wed, Mar 24, 2021 at 10:43:49PM +0300, Dmitry Osipenko wrote:
> 24.03.2021 22:20, Minchan Kim пишет:
> >  static int __init cma_sysfs_init(void)
> >  {
> > -	int i = 0;
> > +	struct kobject *cma_kobj_root;
> > +	struct cma_kobject *cma_kobj;
> >  	struct cma *cma;
> > +	unsigned int i;
> 
> >  	while (--i >= 0) {
> 
> Do you realize that this doesn't work anymore?
> 
> >  		cma = &cma_areas[i];
> > -		kobject_put(&cma->stat->kobj);
> > -	}
> >  
> > -	kfree(cma_stats);
> > -	kobject_put(cma_kobj);
> > +		kobject_put(&cma->cma_kobj->kobj);
> > +		kfree(cma->cma_kobj);
> 
> Freeing a null pointer?

Need coffee.

diff --git a/mm/cma_sysfs.c b/mm/cma_sysfs.c
index a670a80aad6f..73463be08df7 100644
--- a/mm/cma_sysfs.c
+++ b/mm/cma_sysfs.c
@@ -79,8 +79,7 @@ static int __init cma_sysfs_init(void)
        struct kobject *cma_kobj_root;
        struct cma_kobject *cma_kobj;
        struct cma *cma;
-       unsigned int i;
-       int err;
+       int i, err;

        cma_kobj_root = kobject_create_and_add("cma", mm_kobj);
        if (!cma_kobj_root)
@@ -108,10 +107,7 @@ static int __init cma_sysfs_init(void)
 out:
        while (--i >= 0) {
                cma = &cma_areas[i];
-
                kobject_put(&cma->cma_kobj->kobj);
-               kfree(cma->cma_kobj);
-               cma->cma_kobj = NULL;
        }
        kobject_put(cma_kobj_root);



