On Fri, 2 Sep 2022 14:56:31 +0200 Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> When calling debugfs_lookup() the result must have dput() called on it,
> otherwise the memory will leak over time. Fix this up by properly
> calling dput().
>
> ...
>
Fixes: 75c1c2b53c78b, I assume.
> --- a/mm/damon/dbgfs.c
> +++ b/mm/damon/dbgfs.c
> @@ -915,6 +915,7 @@ static int dbgfs_rm_context(char *name)
> new_ctxs[j++] = dbgfs_ctxs[i];
> }
>
> + dput(dir);
> kfree(dbgfs_dirs);
> kfree(dbgfs_ctxs);
>
dput() is also needed if either of the kmalloc_array() calls fail?
Maybe something like
--- a/mm/damon/dbgfs.c~a
+++ a/mm/damon/dbgfs.c
@@ -884,6 +884,7 @@ static int dbgfs_rm_context(char *name)
struct dentry *root, *dir, **new_dirs;
struct damon_ctx **new_ctxs;
int i, j;
+ int ret = 0;
if (damon_nr_running_ctxs())
return -EBUSY;
@@ -899,14 +900,12 @@ static int dbgfs_rm_context(char *name)
new_dirs = kmalloc_array(dbgfs_nr_ctxs - 1, sizeof(*dbgfs_dirs),
GFP_KERNEL);
if (!new_dirs)
- return -ENOMEM;
+ goto out_dput;
new_ctxs = kmalloc_array(dbgfs_nr_ctxs - 1, sizeof(*dbgfs_ctxs),
GFP_KERNEL);
- if (!new_ctxs) {
- kfree(new_dirs);
- return -ENOMEM;
- }
+ if (!new_ctxs)
+ goto out_new_dirs;
for (i = 0, j = 0; i < dbgfs_nr_ctxs; i++) {
if (dbgfs_dirs[i] == dir) {
@@ -925,7 +924,13 @@ static int dbgfs_rm_context(char *name)
dbgfs_ctxs = new_ctxs;
dbgfs_nr_ctxs--;
- return 0;
+ goto out_dput;
+
+out_new_dirs:
+ kfree(new_dirs);
+out_dput:
+ dput(dir);
+ return ret;
}
static ssize_t dbgfs_rm_context_write(struct file *file,
_
