Re: Bug in sysfs_break_active_protection()

From: Tejun Heo
Date: Wed Mar 13 2024 - 16:21:30 EST


Sorry about the late reply.

On Mon, Mar 04, 2024 at 02:17:27PM -0500, Alan Stern wrote:
..
> struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj,
> 						  const struct attribute *attr)
> {
> 	struct kernfs_node *kn;
>
> 	kobject_get(kobj);
> 	kn = kernfs_find_and_get(kobj->sd, attr->name);
> 	if (kn)
> 		kernfs_break_active_protection(kn);
> 	return kn;
> }
..
> If kn is NULL then the kobject_get(kobj) reference is never dropped.
> It looks like this could happen if two processes want to unregister the
> same kobject at the same time.
>
> Shouldn't sysfs_break_active_protection() do this?
>
> kobject_get(kobj);
> kn = kernfs_find_and_get(kobj->sd, attr->name);
> if (kn)
> kernfs_break_active_protection(kn);
> + else
> + kobject_put(kobj);
> return kn;
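
Review bot: with the added else branch, a NULL return now means the function holds no reference on kobj at all, while a non-NULL return still holds both the kobj and kn references, and nothing in the hunk records that contract for callers. The comment above the function should state that NULL means nothing was taken and nothing needs releasing, so that a caller does not try to drop the kobject reference again on that path. An alternative to the get-then-put pair would be to move kobject_get(kobj) inside the existing if (kn) branch, after the lookup, provided the lookup itself does not depend on that extra reference.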

Yeah, I think you're right. It's an obvious ref leak. Would you mind writing
up a patch?

Thank you.

--
tejun