From aff65a4d9408b1d0a75947470f291d7e665a03c6 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 28 Jan 2021 22:19:36 +0100 Subject: [PATCH] 5.10-stable patches added patches: revert-mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch --- ...-fix-a-memory-leak-in-sysfs_slab_add.patch | 57 +++++++++++++++++++ queue-5.10/series | 1 + 2 files changed, 58 insertions(+) create mode 100644 queue-5.10/revert-mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch diff --git a/queue-5.10/revert-mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch b/queue-5.10/revert-mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch new file mode 100644 index 00000000000..cdf8eea558b --- /dev/null +++ b/queue-5.10/revert-mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch 
@@ -0,0 +1,57 @@ +From 757fed1d0898b893d7daa84183947c70f27632f3 Mon Sep 17 00:00:00 2001 +From: Wang Hai +Date: Thu, 28 Jan 2021 19:32:50 +0800 +Subject: Revert "mm/slub: fix a memory leak in sysfs_slab_add()" + +From: Wang Hai + +commit 757fed1d0898b893d7daa84183947c70f27632f3 upstream. + +This reverts commit dde3c6b72a16c2db826f54b2d49bdea26c3534a2. + +syzbot report a double-free bug. The following case can cause this bug. + + - mm/slab_common.c: create_cache(): if the __kmem_cache_create() fails, + it does: + + out_free_cache: + kmem_cache_free(kmem_cache, s); + + - but __kmem_cache_create() - at least for slub() - will have done + + sysfs_slab_add(s) + -> sysfs_create_group() .. fails .. + -> kobject_del(&s->kobj); .. which frees s ... + +We can't remove the kmem_cache_free() in create_cache(), because other +error cases of __kmem_cache_create() do not free this. + +So, revert the commit dde3c6b72a16 ("mm/slub: fix a memory leak in +sysfs_slab_add()") to fix this. + +Reported-by: syzbot+d0bd96b4696c1ef67991@syzkaller.appspotmail.com +Fixes: dde3c6b72a16 ("mm/slub: fix a memory leak in sysfs_slab_add()") +Acked-by: Vlastimil Babka +Signed-off-by: Wang Hai +Cc: +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/slub.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -5620,10 +5620,8 @@ static int sysfs_slab_add(struct kmem_ca + + s->kobj.kset = kset; + err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name); +- if (err) { +- kobject_put(&s->kobj); ++ if (err) + goto out; +- } + + err = sysfs_create_group(&s->kobj, &slab_attr_group); + if (err) diff --git a/queue-5.10/series b/queue-5.10/series index 89841a21297..d701a43d208 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -1 +1,2 @@ gpio-mvebu-fix-pwm-.get_state-period-calculation.patch +revert-mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch -- 2.47.3
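Review bot: in the mm/slub.c hunk, the error branch after kobject_init_and_add() in sysfs_slab_add() goes back to a bare `if (err) goto out;`, and nothing in the change says what now happens to the leak that dde3c6b72a16 ("mm/slub: fix a memory leak in sysfs_slab_add()") was written to fix. The trace in the commit message also runs through `sysfs_create_group() .. fails ..` and `kobject_del(&s->kobj)`, which is the following branch rather than the one this hunk edits, so the message should state explicitly how the removed `kobject_put(&s->kobj)` ends up releasing s before create_cache() reaches `kmem_cache_free(kmem_cache, s)`. I would add a short comment above the `if (err)` noting that s stays owned by the caller on this failure path, so a later cleanup does not put the kobject_put() back, and track the original leak as a separate follow-up that fixes the ownership in create_cache() and sysfs_slab_add() together.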