Re: kobject_init_and_add is easy to misuse

From: Jason Gunthorpe
Date: Tue Jun 02 2020 - 20:22:11 EST

Next message: Rajat Jain: "Re: [PATCH v3] iommu/vt-d: Don't apply gfx quirks to untrusted devices"
Previous message: Finn Thain: "Re: [PATCH v2 1/2] video: fbdev: amifb: add FIXME about dead APUS support"
In reply to: James Bottomley: "Re: kobject_init_and_add is easy to misuse"
Next in thread: James Bottomley: "Re: kobject_init_and_add is easy to misuse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 02, 2020 at 02:51:10PM -0700, James Bottomley wrote:

> My first thought was "what? I got suckered into creating a patch",
> thanks ;-) But now I look, all the error paths do unwind back to the
> initial state, so kfree() on error looks to be completely correct.

It doesn't fully unwind if the kobject is put into a kset, then
another thread can get the kref during kset_find_obj() and kfree() won't
wait for the kref to go to 0. It must use put.

Jason

Next message: Rajat Jain: "Re: [PATCH v3] iommu/vt-d: Don't apply gfx quirks to untrusted devices"
Previous message: Finn Thain: "Re: [PATCH v2 1/2] video: fbdev: amifb: add FIXME about dead APUS support"
In reply to: James Bottomley: "Re: kobject_init_and_add is easy to misuse"
Next in thread: James Bottomley: "Re: kobject_init_and_add is easy to misuse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]