Date: Wed, 15 Jul 2009 08:00:43 -0700 From: Curt Wohlgemuth <curtw@...gle.com> To: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com> Cc: ext4 development <linux-ext4@...r.kernel.org> Subject: Re: [PATCH] ext4: More buffer head reference leaks On Tue, Jul 14, 2009 at 10:52 PM, Aneesh Kumar K.V<aneesh.kumar@...ux.vnet.ibm.com> wrote: > On Tue, Jul 14, 2009 at 01:58:29PM -0700, Curt Wohlgemuth wrote: >> After the patch I posted last week regarding buffer head ref leaks in >> no-journal mode, I looked at all the code that uses buffer heads and >> searched for more potential leaks. >> >> The patch below fixes the issues I found; these can occur even when a >> journal is present. >> >> The change to inode.c fixes a double release if >> ext4_journal_get_create_access() fails. >> >> The changes to namei.c are more complicated. add_dirent_to_buf() will >> release the input buffer head EXCEPT when it returns -ENOSPC. There are >> some callers of this routine that don't always do the brelse() in the event >> that -ENOSPC is returned. Unfortunately, to put this fix into ext4_add_entry() >> required capturing the return value of make_indexed_dir() and >> add_dirent_to_buf(). >> >> I'd appreciate comments on these changes, in particular if I'm just missing >> something obvious here. >> >> Signed-off-by: Curt Wohlgemuth <curtw@...gle.com> >> >> --- >> diff -Naur orig/fs/ext4/inode.c new/fs/ext4/inode.c >> --- orig/fs/ext4/inode.c 2009-07-14 11:19:01.000000000 -0700 >> +++ new/fs/ext4/inode.c 2009-07-14 11:51:42.000000000 -0700 
>> @@ -758,8 +758,9 @@ >> BUFFER_TRACE(bh, "call get_create_access"); >> err = ext4_journal_get_create_access(handle, bh); >> if (err) { >> + /* Don't brelse(bh) here; it's done in journal_forget() >> + * below */ >> unlock_buffer(bh); >> - brelse(bh); >> goto failed; >> } >> > > I am not able to find the journal_foget call in the path. brelse is > dropping the buffer_head reference got from sb_getblk right ? Can you > tell me what is that i am missing ? Look at the code at the "failed" label. For each of the allocated BHs thus far, there's a call to ext4_journal_forget(). Oops, I should have put "ext4_journal_forget()" in the comment; my apologies. I'll resend this out, along with a change to ext4_add_entry() to remove the gotos. Thanks, Curt > > >> diff -Naur orig/fs/ext4/namei.c new/fs/ext4/namei.c >> --- orig/fs/ext4/namei.c 2009-07-14 11:19:46.000000000 -0700 >> +++ new/fs/ext4/namei.c 2009-07-14 11:19:28.000000000 -0700 >> @@ -1498,12 +1498,14 @@ > > .. snip.. > > -aneesh > -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
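Review bot: the comment added in the inode.c hunk at -758,8 names journal_forget(), but per the reply above the release on this error path is done by ext4_journal_forget() at the "failed" label; the comment should name that function so that a reader searching for it finds the call. The hunk does not show the "failed" label, so it would also help to say in the comment that the release there covers each buffer head allocated so far, which is why the removed brelse(bh) was a double release. As a style point, the two-line comment would match the usual kernel multi-line form better with the opening /* and closing */ on their own lines.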