dlm: avoid double-free on error path in dlm_device_{register,unregister}
Can be reproduced when running dlm_controld (tested on 4.4.x, 4.12.4):
# seq 1 100 | xargs -P0 -n1 dlm_tool join
# seq 1 100 | xargs -P0 -n1 dlm_tool leave
misc_register fails due to a duplicate sysfs entry, which causes
dlm_device_register to free ls->ls_device.name while leaving the pointer set.
dlm_device_deregister then frees the same name a second time, causing memory
corruption.
According to the comment in dlm_device_deregister, the name should have been
set to NULL when registration fails, so this patch does that.
sysfs: cannot create duplicate filename '/dev/char/10:1'
------------[ cut here ]------------
warning: cpu: 1 pid: 4450 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x56/0x70
modules linked in: msr rfcomm dlm ccm bnep dm_crypt uvcvideo
videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core videodev
btusb media btrtl btbcm btintel bluetooth ecdh_generic intel_rapl
x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm
snd_hda_codec_hdmi irqbypass crct10dif_pclmul crc32_pclmul
ghash_clmulni_intel thinkpad_acpi pcbc nvram snd_seq_midi
snd_seq_midi_event aesni_intel snd_hda_codec_realtek snd_hda_codec_generic
snd_rawmidi aes_x86_64 crypto_simd glue_helper snd_hda_intel snd_hda_codec
cryptd intel_cstate arc4 snd_hda_core snd_seq snd_seq_device snd_hwdep
iwldvm intel_rapl_perf mac80211 joydev input_leds iwlwifi serio_raw
cfg80211 snd_pcm shpchp snd_timer snd mac_hid mei_me lpc_ich mei soundcore
sunrpc parport_pc ppdev lp parport autofs4 i915 psmouse
e1000e ahci libahci i2c_algo_bit sdhci_pci ptp drm_kms_helper sdhci
pps_core syscopyarea sysfillrect sysimgblt fb_sys_fops drm wmi video
cpu: 1 pid: 4450 comm: dlm_test.exe not tainted 4.12.4-041204-generic
hardware name: lenovo 232425u/232425u, bios g2et82ww (2.02 ) 09/11/2012
task:
ffff96b0cbabe140 task.stack:
ffffb199027d0000
rip: 0010:sysfs_warn_dup+0x56/0x70
rsp: 0018:
ffffb199027d3c58 eflags:
00010282
rax:
0000000000000038 rbx:
ffff96b0e2c49158 rcx:
0000000000000006
rdx:
0000000000000000 rsi:
0000000000000086 rdi:
ffff96b15e24dcc0
rbp:
ffffb199027d3c70 r08:
0000000000000001 r09:
0000000000000721
r10:
ffffb199027d3c00 r11:
0000000000000721 r12:
ffffb199027d3cd1
r13:
ffff96b1592088f0 r14:
0000000000000001 r15:
ffffffffffffffef
fs:
00007f78069c0700(0000) gs:
ffff96b15e240000(0000)
knlgs:
0000000000000000
cs: 0010 ds: 0000 es: 0000 cr0:
0000000080050033
cr2:
000000178625ed28 cr3:
0000000091d3e000 cr4:
00000000001406e0
call trace:
sysfs_do_create_link_sd.isra.2+0x9e/0xb0
sysfs_create_link+0x25/0x40
device_add+0x5a9/0x640
device_create_groups_vargs+0xe0/0xf0
device_create_with_groups+0x3f/0x60
? snprintf+0x45/0x70
misc_register+0x140/0x180
device_write+0x6a8/0x790 [dlm]
__vfs_write+0x37/0x160
? apparmor_file_permission+0x1a/0x20
? security_file_permission+0x3b/0xc0
vfs_write+0xb5/0x1a0
sys_write+0x55/0xc0
? sys_fcntl+0x5d/0xb0
entry_syscall_64_fastpath+0x1e/0xa9
rip: 0033:0x7f78083454bd
rsp: 002b:
00007f78069bbd30 eflags:
00000293 orig_rax:
0000000000000001
rax:
ffffffffffffffda rbx:
0000000000000006 rcx:
00007f78083454bd
rdx:
000000000000009c rsi:
00007f78069bee00 rdi:
0000000000000005
rbp:
00007f77f8000a20 r08:
000000000000fcf0 r09:
0000000000000032
r10:
0000000000000024 r11:
0000000000000293 r12:
00007f78069bde00
r13:
00007f78069bee00 r14:
000000000000000a r15:
00007f78069bbd70
code: 85 c0 48 89 c3 74 12 b9 00 10 00 00 48 89 c2 31 f6 4c 89 ef e8 2c c8
ff ff 4c 89 e2 48 89 de 48 c7 c7 b0 8e 0c a8 e8 41 e8 ed ff <0f> ff 48 89
df e8 00 d5 f4 ff 5b 41 5c 41 5d 5d c3 66 0f 1f 84
---[ end trace
40412246357cc9e0 ]---
dlm:
59f24629-ae39-44e2-9030-
397ebc2eda26: leaving the lockspace group...
bug: unable to handle kernel null pointer dereference at
0000000000000001
ip: [<
ffffffff811a3b4a>] kmem_cache_alloc+0x7a/0x140
pgd 0
oops: 0000 [#1] smp
modules linked in: dlm 8021q garp mrp stp llc openvswitch nf_defrag_ipv6
nf_conntrack libcrc32c iptable_filter dm_multipath crc32_pclmul dm_mod
aesni_intel psmouse aes_x86_64 sg ablk_helper cryptd lrw gf128mul
glue_helper i2c_piix4 nls_utf8 tpm_tis tpm isofs nfsd auth_rpcgss
oid_registry nfs_acl lockd grace sunrpc xen_wdt ip_tables x_tables autofs4
hid_generic usbhid hid sr_mod cdrom sd_mod ata_generic pata_acpi 8139too
serio_raw ata_piix 8139cp mii uhci_hcd ehci_pci ehci_hcd libata
scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_mod ipv6
cpu: 0 pid: 394 comm: systemd-udevd tainted: g w 4.4.0+0 #1
hardware name: xen hvm domu, bios 4.7.2-2.2 05/11/2017
task:
ffff880002410000 ti:
ffff88000243c000 task.ti:
ffff88000243c000
rip: e030:[<
ffffffff811a3b4a>] [<
ffffffff811a3b4a>]
kmem_cache_alloc+0x7a/0x140
rsp: e02b:
ffff88000243fd90 eflags:
00010202
rax:
0000000000000000 rbx:
ffff8800029864d0 rcx:
000000000007b36c
rdx:
000000000007b36b rsi:
00000000024000c0 rdi:
ffff880036801c00
rbp:
ffff88000243fdc0 r08:
0000000000018880 r09:
0000000000000054
r10:
000000000000004a r11:
ffff880034ace6c0 r12:
00000000024000c0
r13:
ffff880036801c00 r14:
0000000000000001 r15:
ffffffff8118dcc2
fs:
00007f0ab77548c0(0000) gs:
ffff880036e00000(0000) knlgs:
0000000000000000
cs: e033 ds: 0000 es: 0000 cr0:
0000000080050033
cr2:
0000000000000001 cr3:
000000000332d000 cr4:
0000000000040660
stack:
ffffffff8118dc90 ffff8800029864d0 0000000000000000 ffff88003430b0b0
ffff880034b78320 ffff88003430b0b0 ffff88000243fdf8 ffffffff8118dcc2
ffff8800349c6700 ffff8800029864d0 000000000000000b 00007f0ab7754b90
call trace:
[<
ffffffff8118dc90>] ? anon_vma_fork+0x60/0x140
[<
ffffffff8118dcc2>] anon_vma_fork+0x92/0x140
[<
ffffffff8107033e>] copy_process+0xcae/0x1a80
[<
ffffffff8107128b>] _do_fork+0x8b/0x2d0
[<
ffffffff81071579>] sys_clone+0x19/0x20
[<
ffffffff815a30ae>] entry_syscall_64_fastpath+0x12/0x71
] code: f6 75 1c 4c 89 fa 44 89 e6 4c 89 ef e8 a7 e4 00 00 41 f7 c4 00 80
00 00 49 89 c6 74 47 eb 32 49 63 45 20 48 8d 4a 01 4d 8b 45 00 <49> 8b 1c
06 4c 89 f0 65 49 0f c7 08 0f 94 c0 84 c0 74 ac 49 63
rip [<
ffffffff811a3b4a>] kmem_cache_alloc+0x7a/0x140
rsp <
ffff88000243fd90>
cr2:
0000000000000001
--[ end trace
70cb9fd1b164a0e8 ]--
CC: stable@vger.kernel.org
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Signed-off-by: David Teigland <teigland@redhat.com>