lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 May 2020 10:54:15 -0400 From: "Theodore Y. Ts'o" <tytso@....edu> To: Xiyu Yang <xiyuyang19@...an.edu.cn> Cc: Andreas Dilger <adilger.kernel@...ger.ca>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, yuanxzhang@...an.edu.cn, kjlu@....edu, Xin Tan <tanxin.ctf@...il.com> Subject: Re: [PATCH] ext4: Fix buffer_head refcnt leak when ext4_iget() fails On Thu, Apr 23, 2020 at 01:09:27PM +0800, Xiyu Yang wrote: > ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a > reference of the specified buffer_head object to "bitmap_bh" with > increased refcnt. > > When ext4_orphan_get() returns, local variable "bitmap_bh" becomes > invalid, so the refcount should be decreased to keep refcount balanced. > > The reference counting issue happens in one exception handling path of > ext4_orphan_get(). When ext4_iget() fails, the function forgets to > decrease the refcnt increased by ext4_read_inode_bitmap(), causing a > refcnt leak. > > Fix this issue by calling brelse() when ext4_iget() fails. > > Signed-off-by: Xiyu Yang <xiyuyang19@...an.edu.cn> > Signed-off-by: Xin Tan <tanxin.ctf@...il.com> Applied, thanks. - Ted
Powered by blists - more mailing lists