Commit ff04f3b6 authored Nov 25, 2020 by Ard Biesheuvel

efivarfs: revert "fix memory leak in efivarfs_create()"



The memory leak addressed by commit fe5186cf is a false positive:
all allocations are recorded in a linked list, and freed when the
filesystem is unmounted. This leads to double frees, and as reported
by David, leads to crashes if SLUB is configured to self destruct when
double frees occur.

So drop the redundant kfree() again, and instead, mark the offending
pointer variable so the allocation is ignored by kmemleak.

Cc: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
Fixes: fe5186cf ("efivarfs: fix memory leak in efivarfs_create()")
Reported-by: David Laight <David.Laight@aculab.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

parent 50bdcf04

fs/efivarfs/inode.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,7 @@
		#include <linux/efi.h>
		#include <linux/fs.h>
		#include <linux/ctype.h>
		#include <linux/kmemleak.h>
		#include <linux/slab.h>
		#include <linux/uuid.h>

		@@ -103,6 +104,7 @@ static int efivarfs_create(struct inode dir, struct dentry dentry,
		var->var.VariableName[i] = '\0';

		inode->i_private = var;
		kmemleak_ignore(var);

		err = efivar_entry_add(var, &efivarfs_list);
		if (err)

fs/efivarfs/super.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -21,7 +21,6 @@ LIST_HEAD(efivarfs_list);
		static void efivarfs_evict_inode(struct inode *inode)
		{
		clear_inode(inode);
		kfree(inode->i_private);
		}

		static const struct super_operations efivarfs_ops = {

Admin message