lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1275393807-14369-15-git-send-email-tytso@mit.edu>
Date:	Tue,  1 Jun 2010 08:03:02 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	stable@...r.kernel.org
Cc:	Ext4 Developers List <linux-ext4@...r.kernel.org>,
	Curt Wohlgemuth <curtw@...gle.com>,
	"Theodore Ts'o" <tytso@....edu>
Subject: [PATCH 2.6.33.y 15/40] ext4: Fix buffer head leaks after calls to ext4_get_inode_loc()

From: Curt Wohlgemuth <curtw@...gle.com>

commit fd2dd9fbaf9e498ec63eef298921e36556f7214c upstream (as of v2.6.34-rc6)

Calls to ext4_get_inode_loc() returns with a reference to a buffer
head in iloc->bh.  The callers of this function in ext4_write_inode()
when in no journal mode and in ext4_xattr_fiemap() don't release the
buffer head after using it.

Addresses-Google-Bug: #2548165

Signed-off-by: Curt Wohlgemuth <curtw@...gle.com>
Signed-off-by: "Theodore Ts'o" <tytso@....edu>
---
 fs/ext4/extents.c |    1 +
 fs/ext4/inode.c   |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index b38058a..3afdded 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -3772,6 +3772,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		physical += offset;
 		length = EXT4_SB(inode->i_sb)->s_inode_size - offset;
 		flags |= FIEMAP_EXTENT_DATA_INLINE;
+		brelse(iloc.bh);
 	} else { /* external block */
 		physical = EXT4_I(inode)->i_file_acl << blockbits;
 		length = inode->i_sb->s_blocksize;
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 28152f8..3e06a5d 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5217,6 +5217,7 @@ int ext4_write_inode(struct inode *inode, int wait)
 				   (unsigned long long)iloc.bh->b_blocknr);
 			err = -EIO;
 		}
+		brelse(iloc.bh);
 	}
 	return err;
 }
-- 
1.6.6.1.1.g974db.dirty

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ