Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp695361ybg;
        Wed, 3 Jun 2020 11:07:11 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyf8X6BN7iga5Q1PVIDqvXEqltWnYpSP+HeBjzRM6CIFYVwhQVze+0IVPXkMlOZAuaXUd7e
X-Received: by 2002:a17:906:1088:: with SMTP id u8mr508548eju.428.1591207630679;
        Wed, 03 Jun 2020 11:07:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1591207630; cv=none;
        d=google.com; s=arc-20160816;
        b=bGL6NRtxdiNLI4dn8KxVrqUc4OPpe85fjCVqPOWicnEgw8uAwlJa5HwQT79jFwM6sY
         y78vfBBQ1JS1dyWwc3M+BayppjUlEUKCkPPhTel/1yFOINT3NyvEqTHedxx5o/J/cEY7
         iMwuGjd3CH4BAHZDFqh89HCnZeF93O+2fhFPQXa8CDQZ6CDuT4x+wFQ1/DIJjCIbnaRo
         uKDwFnQjntr/SvCWOTzW85T4XiAbewlBhaDKdkiDbyoSpPbVZzji0jzTqC20f9kCuncI
         UI8ynNaG2VQxfH8gINhub0jG00yMeKi9wrPh3xw3o13Bq38wRqBNcFfd8YFdqwxjtwjM
         mOcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature:dkim-signature;
        bh=BjKNes4/H1E/ML9zxfUNUV/ptCyr+pXlV4dZ8kwY0OY=;
        b=cmwIpPVGGauIfxo3ctyfHq0mTcBL6w8BA4RImwSpRajSdWj2Cr3IYseKpcOfX4pAne
         2u4la3Y+1XkuyZs2gAHYdltFJjSgV0Dtl5QEtsfy1LURWVZG5OwbNpI3cx+BlhMuutZO
         tHr4hlH/1JwEZb8RLH4kKuwgNE9ht/Z0LUryVD45nXqpoOnmDE1KKAXpeDP0ZKCQxtW/
         rsX7I1PI9/uWXzJ0HdxamkA6FOHb9EOy7ETBDzvs3uoUg3QdgT2ra+OePdPONVduAGpO
         7xTEptnzzaOGXCkL9oq4g5df86E+aCl5gN6fsaO+CD6YPA+VbkPl12rCqMsFDVhd103r
         nagg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ugTnLRUV;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=mDtdse0E;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ay24si184814edb.310.2020.06.03.11.06.40;
        Wed, 03 Jun 2020 11:07:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ugTnLRUV;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=mDtdse0E;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726383AbgFCSEk (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 3 Jun 2020 14:04:40 -0400
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:59394 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1725821AbgFCSEj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Jun 2020 14:04:39 -0400
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 602538EE10C;
        Wed,  3 Jun 2020 11:04:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1591207478;
        bh=nyF4ZNrk3Tv6mEkMqr1kGc6nsVLVMvXsy+KGMvTU+eM=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=ugTnLRUVTG6gL9VguUYtukOS5HWcTT8LHJyCfv39HZ3y1ZurRZmiRtdtYzrbBsGnE
         6qMAiL3n8WXfYrLpcXYGauhjNVkrCVnv9olEVawEkWsFkIb3wjIfYHoeP3zFSfhnnk
         g2zlHPTNlU0Scu+lerlU40Y+kFXlHT0/k/FSYM1U=
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id zlAJS75A4beK; Wed,  3 Jun 2020 11:04:37 -0700 (PDT)
Received: from [153.66.254.194] (unknown [50.35.76.230])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id EB0EE8EE0DF;
        Wed,  3 Jun 2020 11:04:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1591207477;
        bh=nyF4ZNrk3Tv6mEkMqr1kGc6nsVLVMvXsy+KGMvTU+eM=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=mDtdse0EcgtJXc2ZTI7eSLKESTigp9T388FW8VMlxAk2aEZOsF/j4q1WHgLLDW5gz
         HwIEljgUmGuw+15+SkQHCkQg7m/Dm+LcFanDugHhwY834hmdke+pxpNPVs8Py+f6gu
         2iF7SxrwX/FPtGRf3GYtrfBi9wfLPxR+kTQC2YLk=
Message-ID: <1591207475.4462.41.camel@HansenPartnership.com>
Subject: Re: kobject_init_and_add is easy to misuse
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Jason Gunthorpe <jgg@ziepe.ca>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Matthew Wilcox <willy@infradead.org>,
        Wang Hai <wanghai38@huawei.com>, cl@linux.com,
        penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com,
        akpm@linux-foundation.org, khlebnikov@yandex-team.ru,
        linux-mm@kvack.org, linux-kernel@vger.kernel.org
Date:   Wed, 03 Jun 2020 11:04:35 -0700
In-Reply-To: <20200603002205.GE6578@ziepe.ca>
References: <20200602115033.1054-1-wanghai38@huawei.com>
         <20200602121035.GL19604@bombadil.infradead.org>
         <1591111514.4253.32.camel@HansenPartnership.com>
         <20200602173603.GB3579519@kroah.com>
         <1591127656.16819.7.camel@HansenPartnership.com>
         <20200602200756.GA3933938@kroah.com>
         <1591134670.16819.18.camel@HansenPartnership.com>
         <20200603002205.GE6578@ziepe.ca>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2020-06-02 at 21:22 -0300, Jason Gunthorpe wrote:
> On Tue, Jun 02, 2020 at 02:51:10PM -0700, James Bottomley wrote:
> 
> > My first thought was "what?  I got suckered into creating a patch",
> > thanks ;-)  But now I look, all the error paths do unwind back to
> > the initial state, so kfree() on error looks to be completely
> > correct. 
> 
> It doesn't fully unwind if the kobject is put into a kset, then
> another thread can get the kref during kset_find_obj() and kfree()
> won't wait for the kref to go to 0. It must use put.

That does seem a bit contrived: the only failure kobject_add_internal()
can get after kobj_kset_join() is from directory creation.  If
directory creation fails, no name appears in sysfs and no event for the
name is sent, how did another thread get the name to pass in to
kset_find_obj()?

James