kernfs: fix memory leak of kernfs_iattrs in __kernfs_new_node

mowteam · gregkh · commit 382b1e8f30f7 · 2025-11-26T15:19:11.000+01:00
There exists a memory leak of kernfs_iattrs contained as an element of kernfs_node allocated in __kernfs_new_node(). __kernfs_setattr() allocates kernfs_iattrs as a sub-object, and the LSM security check incorrectly errors out and does not free the kernfs_iattrs sub-object. Make an additional error out case that properly frees kernfs_iattrs if security_kernfs_init_security() fails. Fixes: e19dfdc ("kernfs: initialize security of newly created nodes") Co-developed-by: Oliver Rosenberg <olrose55@gmail.com> Signed-off-by: Oliver Rosenberg <olrose55@gmail.com> Signed-off-by: Will Rosenberg <whrosenb@asu.edu> Link: https://patch.msgid.link/20251125151332.2010687-1-whrosenb@asu.edu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
@@ -675,11 +675,14 @@ static struct kernfs_node *__kernfs_new_node(struct kernfs_root *root,
 	if (parent) {
 		ret = security_kernfs_init_security(parent, kn);
 		if (ret)
-			goto err_out3;
+			goto err_out4;
 	}
 
 	return kn;
 
+ err_out4:
+	simple_xattrs_free(&kn->iattr->xattrs, NULL);
+	kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
  err_out3:
 	spin_lock(&root->kernfs_idr_lock);
 	idr_remove(&root->ino_idr, (u32)kernfs_ino(kn));
