| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Mar 2017 17:52:27 -0700
From: vcaputo@...garu.com
To: Al Viro <viro@...IV.linux.org.uk>
Cc: hughd@...gle.com, linux-kernel <linux-kernel@...r.kernel.org>,
linux-mm@...ck.org
Subject: Re: [PATCH] shmem: fix __shmem_file_setup error path leaks
On Mon, Mar 27, 2017 at 10:21:27PM +0100, Al Viro wrote:
> On Mon, Mar 27, 2017 at 10:05:34AM -0700, Vito Caputo wrote:
> > The existing path and memory cleanups appear to be in reverse order, and
> > there's no iput() potentially leaking the inode in the last two error gotos.
> >
> > Also make put_memory shmem_unacct_size() conditional on !inode since if we
> > entered cleanup at put_inode, shmem_evict_inode() occurs via
> > iput()->iput_final(), which performs the shmem_unacct_size() for us.
> >
> > Signed-off-by: Vito Caputo <vcaputo@...garu.com>
> > ---
> >
> > This caught my eye while looking through the memfd_create() implementation.
> > Included patch was compile tested only...
>
> Obviously so, since you've just introduced a double iput() there. After
> d_instantiate(path.dentry, inode);
> dropping the reference to path.dentry (done by path_put(&path)) will drop
> the reference to inode transferred into that dentry by d_instantiate().
> NAK.
I see, so it's correct as-is, thanks for the review and apologies for the
noise!
Cheers,
Vito Caputo
Powered by blists - more mailing lists