Commit f5886c7f authored by Catalin Marinas's avatar Catalin Marinas Committed by Linus Torvalds

kmemleak: Protect the seq start/next/stop sequence by rcu_read_lock()



Objects passed to kmemleak_seq_next() have an incremented reference
count (hence not freed) but they may point via object_list.next to
other freed objects. To avoid this, the whole start/next/stop sequence
must be protected by rcu_read_lock().
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 84210aeb
...@@ -1217,7 +1217,6 @@ static void *kmemleak_seq_start(struct seq_file *seq, loff_t *pos) ...@@ -1217,7 +1217,6 @@ static void *kmemleak_seq_start(struct seq_file *seq, loff_t *pos)
} }
object = NULL; object = NULL;
out: out:
rcu_read_unlock();
return object; return object;
} }
...@@ -1233,13 +1232,11 @@ static void *kmemleak_seq_next(struct seq_file *seq, void *v, loff_t *pos) ...@@ -1233,13 +1232,11 @@ static void *kmemleak_seq_next(struct seq_file *seq, void *v, loff_t *pos)
++(*pos); ++(*pos);
rcu_read_lock();
list_for_each_continue_rcu(n, &object_list) { list_for_each_continue_rcu(n, &object_list) {
next_obj = list_entry(n, struct kmemleak_object, object_list); next_obj = list_entry(n, struct kmemleak_object, object_list);
if (get_object(next_obj)) if (get_object(next_obj))
break; break;
} }
rcu_read_unlock();
put_object(prev_obj); put_object(prev_obj);
return next_obj; return next_obj;
...@@ -1255,6 +1252,7 @@ static void kmemleak_seq_stop(struct seq_file *seq, void *v) ...@@ -1255,6 +1252,7 @@ static void kmemleak_seq_stop(struct seq_file *seq, void *v)
* kmemleak_seq_start may return ERR_PTR if the scan_mutex * kmemleak_seq_start may return ERR_PTR if the scan_mutex
* waiting was interrupted, so only release it if !IS_ERR. * waiting was interrupted, so only release it if !IS_ERR.
*/ */
rcu_read_unlock();
mutex_unlock(&scan_mutex); mutex_unlock(&scan_mutex);
if (v) if (v)
put_object(v); put_object(v);
......
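Review bot: The comment above the added `rcu_read_unlock()` in kmemleak_seq_stop() still explains the !IS_ERR condition only in terms of scan_mutex, although that condition now also decides whether the RCU read-side section opened in kmemleak_seq_start() is closed. The pairing is balanced only if every non-ERR_PTR return from start, including NULL, happens after rcu_read_lock(); the visible `out:` path suggests this, but the top of the function is outside the hunk, so it should be confirmed. I would reword the comment's last clause to `so only release the mutex and the RCU read lock if !IS_ERR.` and add a line at the top of kmemleak_seq_start() such as `/* Returns with rcu_read_lock() held; released in kmemleak_seq_stop(). */`. Because the read-side section now spans start, next, the show callback and stop, it is also worth stating there that nothing called in between may sleep. All three function bodies begin outside their hunks.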