Commit 8ad0934c authored by Ryusuke Konishi, committed by Yongqiang Liu

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

mainline inclusion
from mainline-v6.1-rc1
commit d0d51a97063db4704a5ef6bc978dddab1636a306
category: bugfix
bugzilla: 187884, https://gitee.com/src-openeuler/kernel/issues/I5X2OB
CVE: CVE-2022-3646

--------------------------------

If nilfs_attach_log_writer() failed to create a log writer thread, it
frees a data structure of the log writer without any cleanup.  After
commit e912a5b6 ("nilfs2: use root object to get ifile"), this causes
a leak of struct nilfs_root, which started to leak an ifile metadata inode
and a kobject on that struct.

In addition, if the kernel is booted with panic_on_warn, the above
ifile metadata inode leak will cause the following panic when the
nilfs2 kernel module is removed:

  kmem_cache_destroy nilfs2_inode_cache: Slab cache still has objects when
  called from nilfs_destroy_cachep+0x16/0x3a [nilfs2]
  WARNING: CPU: 8 PID: 1464 at mm/slab_common.c:494 kmem_cache_destroy+0x138/0x140
  ...
  RIP: 0010...
parent e6db4754
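
The leak pattern the commit message describes, as an added userspace model that is not part of the commit and is not nilfs2 code: a writer object takes a reference on a root object, and an error path that frees the writer with a bare `free()` never drops that reference. All struct and function names are hypothetical, and the model does not reproduce the kernel patch itself.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model; every name here is hypothetical, not nilfs2 code. */
struct root { int refcount; };         /* stands in for struct nilfs_root */
struct writer { struct root *root; };  /* stands in for the log writer */
static int live_roots;                 /* roots allocated and not yet freed */
static struct root *root_new(void) {
    struct root *r = calloc(1, sizeof(*r));
    if (!r) return NULL;
    r->refcount = 1;                   /* the caller's reference */
    live_roots++;
    return r;
}
static void root_put(struct root *r) {
    if (--r->refcount == 0) { free(r); live_roots--; }
}
static struct writer *writer_new(struct root *r) {
    struct writer *w = malloc(sizeof(*w));
    if (!w) return NULL;
    r->refcount++;                     /* the writer pins the root */
    w->root = r;
    return w;
}
static void writer_destroy(struct writer *w) {
    root_put(w->root);                 /* drop the writer's reference */
    free(w);
}
/* Attach a writer, with thread creation assumed to fail afterwards. */
static int attach_thread_fails(struct root *r, int with_cleanup) {
    struct writer *w = writer_new(r);
    if (!w) return -1;
    if (with_cleanup) writer_destroy(w);  /* full teardown on the error path */
    else free(w);                         /* bare free: reference never dropped */
    return -1;
}
/* Roots still allocated after a failed attach and the caller's own put. */
static int leaked_after_failed_attach(int with_cleanup) {
    int before = live_roots;
    struct root *r = root_new();
    if (!r) return -1;
    attach_thread_fails(r, with_cleanup);
    root_put(r);                       /* caller releases its reference */
    return live_roots - before;
}
int main(void) {
    printf("bare free: %d leaked, full teardown: %d leaked\n",
           leaked_after_failed_attach(0), leaked_after_failed_attach(1));
    return 0;
}
```

In the bare-free case the root's count never reaches zero, which is the same shape as the slab cache still holding objects at module removal in the warning quoted above.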