lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170327212127.GF29622@ZenIV.linux.org.uk>
Date:   Mon, 27 Mar 2017 22:21:27 +0100
From:   Al Viro <viro@...IV.linux.org.uk>
To:     Vito Caputo <vcaputo@...garu.com>
Cc:     hughd@...gle.com, linux-kernel <linux-kernel@...r.kernel.org>,
        linux-mm@...ck.org
Subject: Re: [PATCH] shmem: fix __shmem_file_setup error path leaks

On Mon, Mar 27, 2017 at 10:05:34AM -0700, Vito Caputo wrote:
> The existing path and memory cleanups appear to be in reverse order, and
> there's no iput() potentially leaking the inode in the last two error gotos.
> 
> Also make put_memory shmem_unacct_size() conditional on !inode since if we
> entered cleanup at put_inode, shmem_evict_inode() occurs via
> iput()->iput_final(), which performs the shmem_unacct_size() for us.
> 
> Signed-off-by: Vito Caputo <vcaputo@...garu.com>
> ---
> 
> This caught my eye while looking through the memfd_create() implementation.
> Included patch was compile tested only...

Obviously so, since you've just introduced a double iput() there.  After
        d_instantiate(path.dentry, inode);
dropping the reference to path.dentry (done by path_put(&path)) will drop
the reference to inode transferred into that dentry by d_instantiate().
NAK.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ