| From 52c3ce4ec5601ee383a14f1485f6bac7b278896e Mon Sep 17 00:00:00 2001 |
| From: Catalin Marinas <catalin.marinas@arm.com> |
| Date: Wed, 27 Apr 2011 16:44:26 +0100 |
| Subject: kmemleak: Do not return a pointer to an object that kmemleak did not get |
| |
| From: Catalin Marinas <catalin.marinas@arm.com> |
| |
| commit 52c3ce4ec5601ee383a14f1485f6bac7b278896e upstream. |
| |
| The kmemleak_seq_next() function tries to get an object (and increment |
| its use count) before returning it. If it could not get the last object |
| during list traversal (because it may have been freed), the function |
| should return NULL rather than a pointer to such object that it did not |
| get. |
| |
| Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> |
| Reported-by: Phil Carmody <ext-phil.2.carmody@nokia.com> |
| Acked-by: Phil Carmody <ext-phil.2.carmody@nokia.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| mm/kmemleak.c | 7 +++++-- |
| 1 file changed, 5 insertions(+), 2 deletions(-) |
| |
| --- a/mm/kmemleak.c |
| +++ b/mm/kmemleak.c |
| @@ -1369,9 +1369,12 @@ static void *kmemleak_seq_next(struct se |
| ++(*pos); |
| |
| list_for_each_continue_rcu(n, &object_list) { |
| - next_obj = list_entry(n, struct kmemleak_object, object_list); |
| - if (get_object(next_obj)) |
| + struct kmemleak_object *obj = |
| + list_entry(n, struct kmemleak_object, object_list); |
| + if (get_object(obj)) { |
| + next_obj = obj; |
| break; |
| + } |
| } |
| |
| put_object(prev_obj); |