Re: [PATCH] mm/slab: fix probable issue of dentries registration under /sys/kernel/slab

[Harry Yoo]

On 5/21/26 8:24 PM, Vladimir Zapolskiy wrote:
> Harry,
>
> On 5/20/26 06:42, Harry Yoo wrote:
> > On 5/20/26 10:10 AM, Vladimir Zapolskiy wrote:
> > > L2TP/IP and L2TP/IPv6 protocol names contain a slash symbol, however 
> > > these
> > > names are blindly used as symlinks to slab cache objects registered 
> > > under
> > > /sys/kernel/slab. This kind of symlink creation is successful, but its
> > > dentry is obviously broken, as well it breaks the access to the list of
> > > /sys/kernel/slab dentries.
> >
> > Oops. I just loaded l2tp_ip module and it indeed broke it.
> >
> > $ ls
> > ls: reading directory '.': Input/output error
> > :0000136/                        kmalloc-rnd-01-16/   kmalloc-rnd-15-32/
> > :0000192/                        kmalloc-rnd-02-512/  memdup_user-32/
> > :0000560/                        kmalloc-rnd-06-192/  memdup_user-4k/
> > :0000768/                        kmalloc-rnd-06-512/  pde_opener@
> > :a-0000168/                      kmalloc-rnd-07-4k/   pidfs_xattr_cache@
> > :A-0000184/                      kmalloc-rnd-11-8/    RAWv6/
> > audit_buffer@                    kmalloc-rnd-11-96/   rpc_inode_cache/
> > configfs_dir_cache@              kmalloc-rnd-12-4k/   task_delay_info@
> > ecryptfs_global_auth_tok_cache@  kmalloc-rnd-13-128/  TCPv6/
> > fscache_cookie_jar@              kmalloc-rnd-14-96/
> > io_kiocb/                        kmalloc-rnd-15-2k/
> >
> > > Likely L2TP protocol renames cannot be done, since the defined protocol
> > > names are exposed over /proc/net/protocols for years, but the symlink
> > > names can be renamed, because they are yet to be properly created, and
> > > this should be eventually done by this change.
> > >
> > > The problem manifests itself, if CONFIG_L2TP_IP build symbol is 
> > > selected.
> > >
> > > Fixes: 81819f0fc8285 ("SLUB core")
> > > Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@xxxxxxxxxx>
> > > ---
> >
> > There is also a debugfs feature that would cause a similar issue.
>
> thank you for review, I've just sent v2 fixing __kmem_cache_create_args()
> side. As for debugfs I haven't reproduced any similar issue, please give
> me a clue here, also likely any non-slab changes should be done separately.

Ah, nevermind! I totally misread the patch.
I thought it only addresses the symlink name.

> > Can we replace '/' in the cache name, without renaming the protocol name?
>
> I believe that's exactly how it's done, the protocol name is left 
> unchanged.

Yeah, now I see :)

--
Cheers,
Harry / Hyeonggon