linux

mirror of https://github.com/hardkernel/linux.git synced 2026-06-06 10:58:48 +09:00

Files

Tejun Heo 1cb3de83ab block: fix double-free in the failure path of cgwb_bdi_init()

commit 5f478e4ea5 upstream.

When !CONFIG_CGROUP_WRITEBACK, bdi has single bdi_writeback_congested
at bdi->wb_congested.  cgwb_bdi_init() allocates it with kzalloc() and
doesn't do further initialization.  This usually works fine as the
reference count gets bumped to 1 by wb_init() and the put from
wb_exit() releases it.

However, when wb_init() fails, it puts the wb base ref automatically
freeing the wb and the explicit kfree() in cgwb_bdi_init() error path
ends up trying to free the same pointer the second time causing a
double-free.

Fix it by explicitly initilizing the refcnt to 1 and putting the base
ref from cgwb_bdi_destroy().

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: a13f35e871 ("writeback: don't embed root bdi_writeback_congested in bdi_writeback")
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2017-02-26 11:10:52 +01:00

kasan

kasan: support use-after-scope detection

2016-11-30 16:32:52 -08:00

backing-dev.c

block: fix double-free in the failure path of cgwb_bdi_init()

2017-02-26 11:10:52 +01:00

balloon_compaction.c

mm: balloon: use general non-lru movable page feature

2016-07-26 16:19:19 -07:00

bootmem.c

mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping

2016-10-11 15:06:33 -07:00

cleancache.c

cleancache: constify cleancache_ops structure

2016-01-27 09:09:57 -05:00

cma_debug.c

mm/cma_debug: correct size input to bitmap function

2015-07-17 16:39:54 -07:00

cma.c

mm/cma.c: check the max limit for cma allocation

2016-11-11 08:12:37 -08:00

cma.h

mm: cma: mark cma_bitmap_maxno() inline in header

2015-08-14 15:56:32 -07:00

compaction.c

mm, compaction: fix NR_ISOLATED_* stats for pfn based migration

2017-01-12 11:39:32 +01:00

debug_page_ref.c

mm/page_ref: add tracepoint to track down page reference manipulation

2016-03-17 15:09:34 -07:00

debug.c

mm: clarify why we avoid page_mapcount() for slab pages in dump_page()

2016-10-07 18:46:29 -07:00

dmapool.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

early_ioremap.c

mm/early_ioremap: use offset_in_page macro

2015-11-05 19:34:48 -08:00

fadvise.c

mm/fadvise.c: do not discard partial pages with POSIX_FADV_DONTNEED

2016-06-09 14:23:11 -07:00

failslab.c

mm: fault-inject take over bootstrap kmem_cache check

2016-03-15 16:55:16 -07:00

filemap.c

mm, fs: check for fatal signals in do_generic_file_read()

2017-02-09 08:08:28 +01:00

frame_vector.c

mm: replace get_vaddr_frames() write/force parameters with gup_flags

2016-10-19 08:11:24 -07:00

frontswap.c

mm, frontswap: convert frontswap_enabled to static key

2016-07-26 16:19:19 -07:00

gup.c

mm: unexport __get_user_pages()

2016-10-24 19:13:20 -07:00

highmem.c

mm/highmem: make nr_free_highpages() handles all highmem zones by itself

2016-05-19 19:12:14 -07:00

huge_memory.c

mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp

2017-02-01 08:33:04 +01:00

hugetlb_cgroup.c

mm, hugetlb_cgroup: round limit_in_bytes down to hugepage size

2016-05-20 17:58:30 -07:00

hugetlb.c

mm/hugetlb.c: fix reservation race when freeing surplus pages

2017-01-19 20:17:59 +01:00

hwpoison-inject.c

hwpoison: use page_cgroup_ino for filtering by memcg

2015-09-10 13:29:01 -07:00

init-mm.c

mm: Add a user_ns owner to mm_struct and fix ptrace permission checks

2017-01-06 10:40:13 +01:00

internal.h

mm, compaction: make full priority ignore pageblock suitability

2016-10-07 18:46:29 -07:00

interval_tree.c

mm: replace vma->sharead.linear with vma->shared

2015-02-10 14:30:31 -08:00

Kconfig

Allow KASAN and HOTPLUG_MEMORY to co-exist when doing build testing

2016-10-27 16:23:01 -07:00

Kconfig.debug

PM / Hibernate: allow hibernation with PAGE_POISONING_ZERO

2016-09-13 02:35:27 +02:00

khugepaged.c

mm: khugepaged: fix radix tree node leak in shmem collapse error path

2017-01-12 11:39:32 +01:00

kmemcheck.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

kmemleak-test.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

kmemleak.c

mm: kmemleak: scan .data.ro_after_init

2016-11-11 08:12:37 -08:00

ksm.c

mm,ksm: add __GFP_HIGH to the allocation in alloc_stable_node()

2016-10-07 18:46:29 -07:00

list_lru.c

mm/list_lru.c: avoid error-path NULL pointer deref

2016-10-27 18:43:42 -07:00

maccess.c

x86: remove more uaccess_32.h complexity

2016-05-22 17:21:27 -07:00

madvise.c

mm: make mmap_sem for write waits killable for mm syscalls

2016-05-23 17:04:14 -07:00

Makefile

Disable the __builtin_return_address() warning globally after all

2016-10-12 10:23:41 -07:00

memblock.c

mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping

2016-10-11 15:06:33 -07:00

memcontrol.c

mm, memcg: do not retry precharge charges

2017-02-01 08:33:14 +01:00

memory_hotplug.c

base/memory, hotplug: fix a kernel oops in show_valid_zones()

2017-02-09 08:08:28 +01:00

memory-failure.c

mm: hwpoison: fix thp split handling in memory_failure()

2016-11-11 08:12:37 -08:00

memory.c

ptrace: Don't allow accessing an undumpable mm

2017-01-06 10:40:13 +01:00

mempolicy.c

mm/mempolicy.c: do not put mempolicy before using its nodemask

2017-02-01 08:33:04 +01:00

mempool.c

Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements"

2016-07-28 16:07:41 -07:00

memtest.c

memtest: remove unused header files

2015-09-08 15:35:28 -07:00

migrate.c

mm, compaction: fix NR_ISOLATED_* stats for pfn based migration

2017-01-12 11:39:32 +01:00

mincore.c

mm, swap: use offset of swap entry as key of swap cache

2016-10-07 18:46:28 -07:00

mlock.c

thp: fix corner case of munlock() of PTE-mapped THPs

2016-11-30 16:32:52 -08:00

mm_init.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

mmap.c

mm: vma_merge: correct false positive from __vma_unlink->validate_mm_rb

2016-10-07 18:46:29 -07:00

mmu_context.c

mm/mmu_context, sched/core: Fix mmu_context.h assumption

2016-04-28 11:44:19 +02:00

mmu_notifier.c

fix Christoph's email addresses

2016-03-17 15:09:34 -07:00

mmzone.c

mm, page_alloc: inline the fast path of the zonelist iterator

2016-05-19 19:12:14 -07:00

mprotect.c

mm/numa: Remove duplicated include from mprotect.c

2016-10-19 17:28:48 +02:00

mremap.c

mremap: move_ptes: check pte dirty after its removal

2016-11-29 08:20:24 -08:00

msync.c

mm/msync: use offset_in_page macro

2015-11-05 19:34:48 -08:00

nobootmem.c

mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping

2016-10-11 15:06:33 -07:00

nommu.c

ptrace: Don't allow accessing an undumpable mm

2017-01-06 10:40:13 +01:00

oom_kill.c

oom: print nodemask in the oom report

2016-10-07 18:46:29 -07:00

page_alloc.c

mm, page_alloc: fix premature OOM when racing with cpuset mems update

2017-02-01 08:33:05 +01:00

page_counter.c

mm: page_counter: let page_counter_try_charge() return bool

2015-11-05 19:34:48 -08:00

page_ext.c

mm/page_ext: support extra space allocation by page_ext user

2016-10-07 18:46:27 -07:00

page_idle.c

mm, vmscan: move lru_lock to the node

2016-07-28 16:07:41 -07:00

page_io.c

mm/page_io.c: replace some BUG_ON()s with VM_BUG_ON_PAGE()

2016-10-07 18:46:29 -07:00

page_isolation.c

mm/page_isolation: fix typo: "paes" -> "pages"

2016-10-07 18:46:29 -07:00

page_owner.c

mm/page_owner: don't define fields on struct page_ext by hard-coding

2016-10-07 18:46:27 -07:00

page_poison.c

mm: check the return value of lookup_page_ext for all call sites

2016-06-03 15:06:22 -07:00

page-writeback.c

mm: don't use radix tree writeback tags for pages in swap cache

2016-10-07 18:46:28 -07:00

pagewalk.c

thp: rename split_huge_page_pmd() to split_huge_pmd()

2016-01-15 17:56:32 -08:00

percpu-km.c

mm: percpu: use pr_fmt to prefix output

2016-03-17 15:09:34 -07:00

percpu-vm.c

percpu: move region iterations out of pcpu_[de]populate_chunk()

2014-09-02 14:46:02 -04:00

percpu.c

mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk()

2016-10-05 11:52:55 -04:00

pgtable-generic.c

mm/thp/migration: switch from flush_tlb_range to flush_pmd_tlb_range

2016-03-17 15:09:34 -07:00

process_vm_access.c

mm: remove write/force parameters from __get_user_pages_unlocked()

2016-10-18 14:13:37 -07:00

quicklist.c

fix Christoph's email addresses

2016-03-17 15:09:34 -07:00

readahead.c

mm: silently skip readahead for DAX inodes

2016-08-26 17:39:35 -07:00

rmap.c

rmap: fix compound check logic in page_remove_file_rmap

2016-08-10 16:40:56 -07:00

shmem.c

shmem: fix shm fallocate() list corruption

2016-12-06 08:59:05 -08:00

slab_common.c

memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB

2016-11-11 08:12:37 -08:00

slab.c

mm/slab.c: fix SLAB freelist randomization duplicate entries

2017-01-19 20:17:59 +01:00

slab.h

mm/slab: improve performance of gathering slabinfo stats

2016-10-27 18:43:43 -07:00

slob.c

mm: slab: free kmem_cache_node after destroy sysfs file

2016-02-18 16:23:24 -08:00

slub.c

mm/slub.c: fix random_seq offset destruction

2017-02-14 15:25:35 -08:00

sparse-vmemmap.c

treewide: replace obsolete _refok by __ref

2016-08-02 17:31:41 -04:00

sparse.c

treewide: replace obsolete _refok by __ref

2016-08-02 17:31:41 -04:00

swap_cgroup.c

mm: convert printk(KERN_<LEVEL> to pr_<level>

2016-03-17 15:09:34 -07:00

swap_state.c

mm, swap: use offset of swap entry as key of swap cache

2016-10-07 18:46:28 -07:00

swap.c

thp: reduce usage of huge zero page's atomic counter

2016-10-07 18:46:28 -07:00

swapfile.c

mm: support anonymous stable page

2017-01-19 20:17:59 +01:00

truncate.c

mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb

2016-11-30 16:32:52 -08:00

usercopy.c

mm: usercopy: Check for module addresses

2016-09-20 16:07:39 -07:00

userfaultfd.c

mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros

2016-04-04 10:41:08 -07:00

util.c

Merge branch 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2016-10-22 09:39:10 -07:00

vmacache.c

mm: unrig VMA cache hit ratio

2016-10-07 18:46:27 -07:00

vmalloc.c

mm: consolidate warn_alloc_failed users

2016-10-07 18:46:29 -07:00

vmpressure.c

mm/vmpressure.c: fix subtree pressure detection

2016-02-03 08:28:43 -08:00

vmscan.c

mm, memcg: fix the active list aging for lowmem requests when memcg is enabled

2017-01-19 20:17:59 +01:00

vmstat.c

seq/proc: modify seq_put_decimal_[u]ll to take a const char *, not char

2016-10-07 18:46:30 -07:00

workingset.c

mm: workingset: fix NULL ptr in count_shadow_nodes

2016-12-02 18:48:03 -08:00

z3fold.c

mm/z3fold.c: avoid modifying HEADLESS page and minor cleanup

2016-06-03 16:02:55 -07:00

zbud.c

mm/zbud.c: use list_last_entry() instead of list_tail_entry()

2016-01-15 11:40:52 -08:00

zpool.c

mm: zsmalloc: constify struct zs_pool name

2015-11-06 17:50:42 -08:00

zsmalloc.c

zsmalloc: Delete an unnecessary check before the function call "iput"

2016-07-28 16:07:41 -07:00

zswap.c

zswap: disable changing params if init fails

2017-02-09 08:08:27 +01:00