From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Since allowing register_shrinker() callers to call unregister_shrinker()
when register_shrinker() failed can simplify error recovery path, this
patch makes unregister_shrinker() no-op when register_shrinker() failed.
Let's also make sure that double unregister_shrinker doesn't blow up as
well and NULL nr_deferred on successful de-registration to make the
clean up even simpler and prevent from potential memory corruptions.
[akaraliou.dev@xxxxxxxxx: set nr_deferred = NULL to handle double
unregister]
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
Cc: Glauber Costa <glauber@xxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Michal Hocko <mhocko@xxxxxxxx>
---
mm/vmscan.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mm/vmscan.c b/mm/vmscan.c
index 80dea50f421b..7a5801040fd4 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -281,10 +281,13 @@ EXPORT_SYMBOL(register_shrinker);
*/
void unregister_shrinker(struct shrinker *shrinker)
{
+ if (!shrinker->nr_deferred)
+ return;
down_write(&shrinker_rwsem);
list_del(&shrinker->list);
up_write(&shrinker_rwsem);
kfree(shrinker->nr_deferred);
+ shrinker->nr_deferred = NULL;
}
EXPORT_SYMBOL(unregister_shrinker);
--
2.15.1
