From: Tetsuo Handa <[email protected]> Since allowing register_shrinker() callers to call unregister_shrinker() when register_shrinker() failed can simplify error recovery path, this patch makes unregister_shrinker() no-op when register_shrinker() failed. Let's also make sure that double unregister_shrinker doesn't blow up as well and NULL nr_deferred on successful de-registration to make the clean up even simpler and prevent from potential memory corruptions.
[[email protected]: set nr_deferred = NULL to handle double unregister] Signed-off-by: Tetsuo Handa <[email protected]> Reported-by: syzbot <[email protected]> Cc: Glauber Costa <[email protected]> Cc: Al Viro <[email protected]> Signed-off-by: Michal Hocko <[email protected]> --- mm/vmscan.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/vmscan.c b/mm/vmscan.c index 80dea50f421b..7a5801040fd4 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -281,10 +281,13 @@ EXPORT_SYMBOL(register_shrinker); */ void unregister_shrinker(struct shrinker *shrinker) { + if (!shrinker->nr_deferred) + return; down_write(&shrinker_rwsem); list_del(&shrinker->list); up_write(&shrinker_rwsem); kfree(shrinker->nr_deferred); + shrinker->nr_deferred = NULL; } EXPORT_SYMBOL(unregister_shrinker); -- 2.15.1
