Re: [PATCH] nilfs2: Fix reference count leak in nilfs_sysfs_create_device_group

From: Ryusuke Konishi
Date: Wed May 27 2020 - 18:21:39 EST


Qiushi Wu,

Can we call kobject_del() instead of kobject_put() when
kobject_init_and_add() failed?
If it's unclear, I think we should fix this by
calling kobject_put() when kobject_init_and_add() fails, and
goto free_dev_subgroups.

Regards,

On Thu, May 28, 2020 at 5:10 AM <wu000273@xxxxxxx> wrote:
>
> From: Qiushi Wu <wu000273@xxxxxxx>
>
> kobject_init_and_add() takes a reference even when it fails.
> In nilfs_sysfs_create_device_group(), the memory allocated by
> kobject_init_and_add() is not freed when kobject_init_and_add()
> fails. Thus replace the jump target "free_dev_subgroups" by
> "cleanup_dev_kobject".
>
> Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/<device> group")
> Signed-off-by: Qiushi Wu <wu000273@xxxxxxx>
> ---
> fs/nilfs2/sysfs.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
> index e60be7bb55b0..4a74756d52fe 100644
> --- a/fs/nilfs2/sysfs.c
> +++ b/fs/nilfs2/sysfs.c
> @@ -1000,7 +1000,7 @@ int nilfs_sysfs_create_device_group(struct super_block *sb)
> err = kobject_init_and_add(&nilfs->ns_dev_kobj, &nilfs_dev_ktype, NULL,
> "%s", sb->s_id);
> if (err)
> - goto free_dev_subgroups;
> + goto cleanup_dev_kobject;
>
> err = nilfs_sysfs_create_mounted_snapshots_group(nilfs);
> if (err)
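Review bot: at `goto cleanup_dev_kobject;` the failure path of kobject_init_and_add() now lands on a label that, per the second hunk, runs kobject_del() and then kfree(nilfs->ns_dev_subgroups), and neither of those drops a kobject reference. The commit message names the reference taken by kobject_init_and_add() on failure as the leak, so this branch needs a kobject_put(&nilfs->ns_dev_kobj) to release it; as posted, only the jump target changes and the reference is still held. Before adding the put, check what the release callback of nilfs_dev_ktype does, since the kfree() on the unwind path runs after it.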
> @@ -1038,8 +1038,6 @@ int nilfs_sysfs_create_device_group(struct super_block *sb)
>
> cleanup_dev_kobject:
> kobject_del(&nilfs->ns_dev_kobj);
> -
> -free_dev_subgroups:
> kfree(nilfs->ns_dev_subgroups);
>
> failed_create_device_group:
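Review bot: removing the `free_dev_subgroups:` label leaves no way to reach kfree(nilfs->ns_dev_subgroups) without first running kobject_del(&nilfs->ns_dev_kobj), so the path where kobject_init_and_add() failed now calls kobject_del() on a kobject that was never successfully added. Keeping the label and dropping the reference in the `if (err)` branch of the first hunk would keep the two unwind stages separate; if the labels stay merged, the commit message should state why kobject_del() is appropriate on that path, since it currently only describes a missing free.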
> --
> 2.17.1
>