mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write

commit 4f489fe6afb395dbc79840efa3c05440b760d883 upstream.

memcg_path_store() assigns a newly allocated memory buffer to
filter->memcg_path, without deallocating the previously allocated and
assigned memory buffer.  As a result, users can leak kernel memory by
continuously writing a data to memcg_path DAMOS sysfs file.  Fix the leak
by deallocating the previously set memory buffer.

Link: https://lkml.kernel.org/r/20250619183608.6647-2-sj@kernel.org
Fixes: 7ee161f18b5d ("mm/damon/sysfs-schemes: implement filter directory")
Signed-off-by: SeongJae Park <sj@kernel.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: <stable@vger.kernel.org>		[6.3.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/mm/damon/sysfs-schemes.c b/mm/damon/sysfs-schemes.c
index 26c948f87489ee1cdf9d97de9877ebc23185a8ed..19d661889cf796ed4e401a000d06cea51a41a955 100644 (file)
--- a/mm/damon/sysfs-schemes.c
+++ b/mm/damon/sysfs-schemes.c
@@ -376,6 +376,7 @@ static ssize_t memcg_path_store(struct kobject *kobj,
                return -ENOMEM;
 
        strscpy(path, buf, count + 1);
+       kfree(filter->memcg_path);
        filter->memcg_path = path;
        return count;
 }