From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18157C433DB for ; Wed, 24 Feb 2021 20:08:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CB29864F19 for ; Wed, 24 Feb 2021 20:08:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234782AbhBXUIJ (ORCPT ); Wed, 24 Feb 2021 15:08:09 -0500 Received: from mail.kernel.org ([198.145.29.99]:59674 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235297AbhBXUHb (ORCPT ); Wed, 24 Feb 2021 15:07:31 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id E71EE64E09; Wed, 24 Feb 2021 20:06:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1614197211; bh=J4QGtsY8ILAfV/w1Blb+s7AsW7JGQBezZGKqktjAZhs=; h=Date:From:To:Subject:In-Reply-To:From; b=wSmCWyLEhWJWVdnzUfgqGegdt2RckQ3k4YGF/QtH5exNZCEG3BTtMrLhe2EmNLBLb zZC3E1N6jWKMx98BEKXbeTK7uCrZU8gQhHtgLz0qN2j7F0N8Xm0TWomhVsS7mTUvfA 40t0/n3PgaYeUtl4APaB+HFZIzYYLFnUVGfcPKhI= Date: Wed, 24 Feb 2021 12:06:50 -0800 From: Andrew Morton To: akpm@linux-foundation.org, linmiaohe@huawei.com, linux-mm@kvack.org, mike.kravetz@oracle.com, mm-commits@vger.kernel.org, smuchun@gmail.com, torvalds@linux-foundation.org Subject: [patch 113/173] mm/hugetlb: fix potential double free in hugetlb_register_node() error path Message-ID: <20210224200650.z-aOHWadP%akpm@linux-foundation.org> In-Reply-To: <20210224115824.1e289a6895087f10c41dd8d6@linux-foundation.org> User-Agent: s-nail v14.8.16 Precedence: bulk Reply-To: linux-kernel@vger.kernel.org List-ID: X-Mailing-List: mm-commits@vger.kernel.org From: Miaohe Lin Subject: mm/hugetlb: fix potential double free in hugetlb_register_node() error path In hugetlb_sysfs_add_hstate(), we would do kobject_put() on hstate_kobjs when failed to create sysfs group but forget to set hstate_kobjs to NULL. Then in hugetlb_register_node() error path, we may free it again via hugetlb_unregister_node(). Link: https://lkml.kernel.org/r/20210107123249.36964-1-linmiaohe@huawei.com Fixes: a3437870160c ("hugetlb: new sysfs interface") Signed-off-by: Miaohe Lin Reviewed-by: Mike Kravetz Reviewed-by: Muchun Song Signed-off-by: Andrew Morton --- mm/hugetlb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-potential-double-free-in-hugetlb_register_node-error-path +++ a/mm/hugetlb.c @@ -2988,8 +2988,10 @@ static int hugetlb_sysfs_add_hstate(stru return -ENOMEM; retval = sysfs_create_group(hstate_kobjs[hi], hstate_attr_group); - if (retval) + if (retval) { kobject_put(hstate_kobjs[hi]); + hstate_kobjs[hi] = NULL; + } return retval; } _