lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 29 Aug 2020 10:32:42 +0800 (GMT+08:00)
From:   dinghao.liu@....edu.cn
To:     "Jan Kara" <jack@...e.cz>
Cc:     kjlu@....edu, "Theodore Ts'o" <tytso@....edu>,
        "Andreas Dilger" <adilger.kernel@...ger.ca>,
        linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH] ext4: Fix memleak in add_new_gdb

> On Thu 27-08-20 14:28:43, Dinghao Liu wrote:
> > When ext4_journal_get_write_access() fails, we should release
> > n_group_desc, iloc.bh, dind and gdb_bh to prevent memleak.
> > It's the same when ext4_handle_dirty_super() fails, but we
> > don't need to release dind here because it has been released
> > before.
> > 
> > Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
> 
> Thanks for the patch! Some comments below:
> 
> > diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
> > index a50b51270ea9..efc0a022ca8e 100644
> > --- a/fs/ext4/resize.c
> > +++ b/fs/ext4/resize.c
> > @@ -843,8 +843,10 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
> >  
> >  	BUFFER_TRACE(dind, "get_write_access");
> >  	err = ext4_journal_get_write_access(handle, dind);
> > -	if (unlikely(err))
> > +	if (unlikely(err)) {
> >  		ext4_std_error(sb, err);
> > +		goto errout;
> > +	}
> 
> This hunk looks good.
> 
> > @@ -899,13 +901,17 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
> >  
> >  	le16_add_cpu(&es->s_reserved_gdt_blocks, -1);
> >  	err = ext4_handle_dirty_super(handle, sb);
> > -	if (err)
> > +	if (err) {
> >  		ext4_std_error(sb, err);
> > +		goto errsuper;
> > +	}
> > +
> >  	return err;
> >  errout:
> > +	brelse(dind);
> > +errsuper:
> 
> But this is definitely wrong. Look, n_group_desc and gdb_bh are already
> referenced from the superblock so you cannot free them, iloc.bh has been
> released in ext4_mark_iloc_dirty().
> 

Thank you for your advice! It's clear to me and I will fix this soon.

Regards,
Dinghao

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ