lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Jan 2007 21:50:47 -0800
From:	Andrew Morton <akpm@...l.org>
To:	Sébastien Dugué <sebastien.dugue@...l.net>
Cc:	linux-kernel <linux-kernel@...r.kernel.org>,
	linux-aio <linux-aio@...ck.org>,
	Bharata B Rao <bharata@...ibm.com>,
	Christoph Hellwig <hch@...radead.org>,
	Suparna Bhattacharya <suparna@...ibm.com>,
	Ulrich Drepper <drepper@...hat.com>,
	Zach Brown <zach.brown@...cle.com>,
	Jean Pierre Dion <jean-pierre.dion@...l.net>,
	Badari Pulavarty <pbadari@...ibm.com>
Subject: Re: [PATCH -mm 5/5][AIO] - Add listio syscall support

On Wed, 17 Jan 2007 10:55:54 +0100
Sébastien Dugué <sebastien.dugue@...l.net> wrote:

> +asmlinkage long
> +compat_sys_lio_submit(aio_context_t ctx_id, int mode, int nr, u32 __user *iocb,
> +		struct compat_sigevent __user *sig_user)
> +{
> +	struct kioctx *ctx;
> +	struct lio_event *lio = NULL;
> +	struct sigevent __user *event = NULL;
> +	long ret = 0;
> +
> +	if (unlikely(nr < 0))
> +		return -EINVAL;
> +
> +	if (unlikely(!access_ok(VERIFY_READ, iocb, (nr * sizeof(u32)))))
> +		return -EFAULT;
> +
> +	ctx = lookup_ioctx(ctx_id);
> +	if (unlikely(!ctx))
> +		return -EINVAL;
> +
> +	if (sig_user) {
> +		struct sigevent kevent;
> +		event = compat_alloc_user_space(sizeof(struct sigevent));
> +		if (get_compat_sigevent(&kevent, sig_user) ||
> +			copy_to_user(event, &kevent, sizeof(struct sigevent)))
> +			return -EFAULT;

I think we just leaked a ref against the ioctx.

That's two.  Please re-review the whole patchset for leaks like this.

Please also do not do returns from the middle of functions like this.  It's just
asking for resource leaks, either now or in the future.


> +	}
> +
> +	lio = lio_create(event, mode);
> +
> +	ret = PTR_ERR(lio);
> +	if (IS_ERR(lio))
> +		goto out_put_ctx;
> +
> +	ret = compat_io_submit_group(ctx, nr, iocb, lio);
> +
> +	/* If we failed to submit even one request just return */
> +	if (ret < 0) {
> +		if (lio)
> +			kfree(lio);
> +		goto out_put_ctx;
> +	}
> +
> +	/*
> +	 * Drop extra ref on the lio now that we're done submitting requests.
> +	 */
> +	if (lio)
> +		lio_check(lio);
> +
> +
> +	if (mode == LIO_WAIT) {
> +		wait_event(ctx->wait, atomic_read(&lio->lio_users) == 0);
> +		kfree(lio);
> +	}
> +out_put_ctx:
>  	put_ioctx(ctx);
> -	return i ? i: ret;
> +	return ret;
>  }
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ