When cachefiles allocates objects it will do some initialization of them, but if that initialization fails, it will just free the objects without doing proper cleanup. At the very least, this can lead to a cookie refcount leak. Change the kmem_cache_free calls to properly put the objects instead.

Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
---
 fs/cachefiles/bind.c | 3 ++-
 fs/cachefiles/interface.c | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c
index dfb14dbddf51..22419bdf239e 100644
--- a/fs/cachefiles/bind.c
+++ b/fs/cachefiles/bind.c
@@ -242,7 +242,8 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache)
 fsdef->dentry = NULL;
 dput(root);
 error_open_root:
- kmem_cache_free(cachefiles_object_jar, fsdef);
+ cachefiles_cache_ops.put_object(&fsdef->fscache,
+ fscache_obj_put_alloc_fail);
 error_root_object:
 cachefiles_end_secure(cache, saved_cred);
 pr_err("Failed to register: %d\n", ret);
diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c
index 4cea5fbf695e..955f1324b408 100644
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -103,8 +103,8 @@ static struct fscache_object *cachefiles_alloc_object(
 kfree(buffer);
 nomem_buffer:
 BUG_ON(test_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags));
- kmem_cache_free(cachefiles_object_jar, object);
- fscache_object_destroyed(&cache->cache);
+ cachefiles_cache_ops.put_object(&object->fscache,
+ fscache_obj_put_alloc_fail);
 nomem_object:
 kfree(lookup_data);
 nomem_lookup_data:
--
2.21.0
--
Linux-cachefs mailing list Linux-cachefs@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cachefs
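Review bot: At `error_open_root` in cachefiles_daemon_add_cache(), the new `put_object(&fsdef->fscache, ...)` is only safe if `fsdef->fscache` and the object's reference count are already set up on every path that jumps to this label, and those jumps are outside the hunk. The old `kmem_cache_free()` had no such precondition, so a failure path that reaches the label before the fscache part of `fsdef` is initialised would now have the put operate on stale slab contents. Please confirm the ordering in the part of the function not shown, and, once confirmed, record it at the label with a comment such as `/* fsdef->fscache is initialised on every path here; drop the allocation ref */`.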
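Review bot: At `nomem_buffer` in cachefiles_alloc_object(), control still falls through to `kfree(lookup_data)` under `nomem_object` after the new `put_object()` call, so this is only correct if `put_object` cannot free that same `lookup_data` through the object. Whether the object already points at it on these paths is not visible in the hunk, and if it does this becomes a double free. The explicit `fscache_object_destroyed(&cache->cache)` is also dropped, which presumably relies on `put_object` doing that accounting when the last reference goes; the commit message does not say so. A comment would record both assumptions, e.g. `/* put_object frees the object and accounts for its destruction; lookup_data is not attached yet and is freed below */`. The function body starts and ends outside the hunk.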