2022-06-06 05:50:08

by Chen Wandun

Subject: [PATCH v3 1/3] mm/shmem: check return value of shmem_init_inodecache

It will result in null pointer access if shmem_init_inodecache fails,
so check the return value of shmem_init_inodecache

Signed-off-by: Chen Wandun <[email protected]>
---
mm/shmem.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/mm/shmem.c b/mm/shmem.c
index 12d45a03f7fc..7419ab219b97 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3775,11 +3775,16 @@ static void shmem_init_inode(void *foo)
inode_init_once(&info->vfs_inode);
}

-static void shmem_init_inodecache(void)
+static int shmem_init_inodecache(void)
{
shmem_inode_cachep = kmem_cache_create("shmem_inode_cache",
sizeof(struct shmem_inode_info),
0, SLAB_PANIC|SLAB_ACCOUNT, shmem_init_inode);
+
+ if (!shmem_inode_cachep)
+ return -ENOMEM;
+
+ return 0;
}

static void shmem_destroy_inodecache(void)
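Review bot: The added `if (!shmem_inode_cachep)` check in shmem_init_inodecache() cannot trigger while the kmem_cache_create() call directly above it still passes SLAB_PANIC, because with that flag a failed cache creation panics instead of returning NULL. The `return -ENOMEM` branch is therefore dead code, and the change from `void` to `int` has no effect. Either drop the check and keep the `void` signature, or, if the intent is to make this failure recoverable, remove SLAB_PANIC from the flags in the same patch and say so in the commit message, which currently describes a NULL dereference that the existing flags already rule out.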
@@ -3923,7 +3928,9 @@ void __init shmem_init(void)
{
int error;

- shmem_init_inodecache();
+ error = shmem_init_inodecache();
+ if (error)
+ goto out2;

error = register_filesystem(&shmem_fs_type);
if (error) {
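Review bot: The new `goto out2` in shmem_init() jumps to a label whose body is not part of this hunk, so the unwind path cannot be checked from the patch alone. Please confirm that `out2` does not call shmem_destroy_inodecache() or otherwise touch `shmem_inode_cachep` when the cache was never created, and mention in the commit message what state the system is left in when shmem_init() bails out this early. As long as SLAB_PANIC stays in the flags in the first hunk, this branch is also unreachable, so the two hunks need to be reconsidered together.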
--
2.25.1


2022-06-06 06:27:42

by Hugh Dickins

Subject: Re: [PATCH v3 1/3] mm/shmem: check return value of shmem_init_inodecache

On Mon, 6 Jun 2022, Chen Wandun wrote:

> It will result in null pointer access if shmem_init_inodecache fails,
> so check the return value of shmem_init_inodecache
>
> Signed-off-by: Chen Wandun <[email protected]>

Thank you, but NAK.

It's a pity that you've been put to the trouble of sending a v3, sorry
about that: but if SLAB_PANIC no longer works, or panic() has taken to
returning, then that's what needs fixing, not shmem_init_inodecache().

Was this one supposed to be the bugfix? And I'm afraid I don't care
for your "cleanups" in 2/3 and 3/3 either: a matter of taste, and our
tastes differ.

I'd rather not spend the time on these: maybe look for somewhere else
to change around than mm/shmem.c? Or better, please help us all by
using your time to review the functional patches being posted.

Thanks,
Hugh

> ---
> mm/shmem.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 12d45a03f7fc..7419ab219b97 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -3775,11 +3775,16 @@ static void shmem_init_inode(void *foo)
> inode_init_once(&info->vfs_inode);
> }
>
> -static void shmem_init_inodecache(void)
> +static int shmem_init_inodecache(void)
> {
> shmem_inode_cachep = kmem_cache_create("shmem_inode_cache",
> sizeof(struct shmem_inode_info),
> 0, SLAB_PANIC|SLAB_ACCOUNT, shmem_init_inode);
> +
> + if (!shmem_inode_cachep)
> + return -ENOMEM;
> +
> + return 0;
> }
>
> static void shmem_destroy_inodecache(void)
> @@ -3923,7 +3928,9 @@ void __init shmem_init(void)
> {
> int error;
>
> - shmem_init_inodecache();
> + error = shmem_init_inodecache();
> + if (error)
> + goto out2;
>
> error = register_filesystem(&shmem_fs_type);
> if (error) {
> --
> 2.25.1

2022-06-06 10:03:16

by Muchun Song

Subject: Re: [PATCH v3 1/3] mm/shmem: check return value of shmem_init_inodecache

On Mon, Jun 06, 2022 at 11:45:28AM +0800, Chen Wandun wrote:
> It will result in null pointer access if shmem_init_inodecache fails,
> so check the return value of shmem_init_inodecache
>
> Signed-off-by: Chen Wandun <[email protected]>
> ---
> mm/shmem.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 12d45a03f7fc..7419ab219b97 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -3775,11 +3775,16 @@ static void shmem_init_inode(void *foo)
> inode_init_once(&info->vfs_inode);
> }
>
> -static void shmem_init_inodecache(void)
> +static int shmem_init_inodecache(void)
> {
> shmem_inode_cachep = kmem_cache_create("shmem_inode_cache",
> sizeof(struct shmem_inode_info),
> 0, SLAB_PANIC|SLAB_ACCOUNT, shmem_init_inode);

NACK, we cannot dereference a NULL pointer since SLAB_PANIC is passed
to kmem_cache_create().

> +
> + if (!shmem_inode_cachep)
> + return -ENOMEM;
> +
> + return 0;
> }
>
> static void shmem_destroy_inodecache(void)
> @@ -3923,7 +3928,9 @@ void __init shmem_init(void)
> {
> int error;
>
> - shmem_init_inodecache();
> + error = shmem_init_inodecache();
> + if (error)
> + goto out2;
>
> error = register_filesystem(&shmem_fs_type);
> if (error) {
> --
> 2.25.1
>
>