Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp695361ybg; Wed, 3 Jun 2020 11:07:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyf8X6BN7iga5Q1PVIDqvXEqltWnYpSP+HeBjzRM6CIFYVwhQVze+0IVPXkMlOZAuaXUd7e X-Received: by 2002:a17:906:1088:: with SMTP id u8mr508548eju.428.1591207630679; Wed, 03 Jun 2020 11:07:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591207630; cv=none; d=google.com; s=arc-20160816; b=bGL6NRtxdiNLI4dn8KxVrqUc4OPpe85fjCVqPOWicnEgw8uAwlJa5HwQT79jFwM6sY y78vfBBQ1JS1dyWwc3M+BayppjUlEUKCkPPhTel/1yFOINT3NyvEqTHedxx5o/J/cEY7 iMwuGjd3CH4BAHZDFqh89HCnZeF93O+2fhFPQXa8CDQZ6CDuT4x+wFQ1/DIJjCIbnaRo uKDwFnQjntr/SvCWOTzW85T4XiAbewlBhaDKdkiDbyoSpPbVZzji0jzTqC20f9kCuncI UI8ynNaG2VQxfH8gINhub0jG00yMeKi9wrPh3xw3o13Bq38wRqBNcFfd8YFdqwxjtwjM mOcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:dkim-signature; bh=BjKNes4/H1E/ML9zxfUNUV/ptCyr+pXlV4dZ8kwY0OY=; b=cmwIpPVGGauIfxo3ctyfHq0mTcBL6w8BA4RImwSpRajSdWj2Cr3IYseKpcOfX4pAne 2u4la3Y+1XkuyZs2gAHYdltFJjSgV0Dtl5QEtsfy1LURWVZG5OwbNpI3cx+BlhMuutZO tHr4hlH/1JwEZb8RLH4kKuwgNE9ht/Z0LUryVD45nXqpoOnmDE1KKAXpeDP0ZKCQxtW/ rsX7I1PI9/uWXzJ0HdxamkA6FOHb9EOy7ETBDzvs3uoUg3QdgT2ra+OePdPONVduAGpO 7xTEptnzzaOGXCkL9oq4g5df86E+aCl5gN6fsaO+CD6YPA+VbkPl12rCqMsFDVhd103r nagg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ugTnLRUV; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=mDtdse0E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ay24si184814edb.310.2020.06.03.11.06.40; Wed, 03 Jun 2020 11:07:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=ugTnLRUV; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=mDtdse0E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726383AbgFCSEk (ORCPT + 99 others); Wed, 3 Jun 2020 14:04:40 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:59394 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725821AbgFCSEj (ORCPT ); Wed, 3 Jun 2020 14:04:39 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 602538EE10C; Wed, 3 Jun 2020 11:04:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1591207478; bh=nyF4ZNrk3Tv6mEkMqr1kGc6nsVLVMvXsy+KGMvTU+eM=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=ugTnLRUVTG6gL9VguUYtukOS5HWcTT8LHJyCfv39HZ3y1ZurRZmiRtdtYzrbBsGnE 6qMAiL3n8WXfYrLpcXYGauhjNVkrCVnv9olEVawEkWsFkIb3wjIfYHoeP3zFSfhnnk g2zlHPTNlU0Scu+lerlU40Y+kFXlHT0/k/FSYM1U= Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zlAJS75A4beK; Wed, 3 Jun 2020 11:04:37 -0700 (PDT) Received: from [153.66.254.194] (unknown [50.35.76.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id EB0EE8EE0DF; Wed, 3 Jun 2020 11:04:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1591207477; bh=nyF4ZNrk3Tv6mEkMqr1kGc6nsVLVMvXsy+KGMvTU+eM=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=mDtdse0EcgtJXc2ZTI7eSLKESTigp9T388FW8VMlxAk2aEZOsF/j4q1WHgLLDW5gz HwIEljgUmGuw+15+SkQHCkQg7m/Dm+LcFanDugHhwY834hmdke+pxpNPVs8Py+f6gu 2iF7SxrwX/FPtGRf3GYtrfBi9wfLPxR+kTQC2YLk= Message-ID: <1591207475.4462.41.camel@HansenPartnership.com> Subject: Re: kobject_init_and_add is easy to misuse From: James Bottomley To: Jason Gunthorpe Cc: Greg Kroah-Hartman , Matthew Wilcox , Wang Hai , cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, khlebnikov@yandex-team.ru, linux-mm@kvack.org, linux-kernel@vger.kernel.org Date: Wed, 03 Jun 2020 11:04:35 -0700 In-Reply-To: <20200603002205.GE6578@ziepe.ca> References: <20200602115033.1054-1-wanghai38@huawei.com> <20200602121035.GL19604@bombadil.infradead.org> <1591111514.4253.32.camel@HansenPartnership.com> <20200602173603.GB3579519@kroah.com> <1591127656.16819.7.camel@HansenPartnership.com> <20200602200756.GA3933938@kroah.com> <1591134670.16819.18.camel@HansenPartnership.com> <20200603002205.GE6578@ziepe.ca> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2020-06-02 at 21:22 -0300, Jason Gunthorpe wrote: > On Tue, Jun 02, 2020 at 02:51:10PM -0700, James Bottomley wrote: > > > My first thought was "what? I got suckered into creating a patch", > > thanks ;-) But now I look, all the error paths do unwind back to > > the initial state, so kfree() on error looks to be completely > > correct. > > It doesn't fully unwind if the kobject is put into a kset, then > another thread can get the kref during kset_find_obj() and kfree() > won't wait for the kref to go to 0. It must use put. That does seem a bit contrived: the only failure kobject_add_internal() can get after kobj_kset_join() is from directory creation. If directory creation fails, no name appears in sysfs and no event for the name is sent, how did another thread get the name to pass in to kset_find_obj()? James