lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170328005227.GW802@shells.gnugeneration.com>
Date:   Mon, 27 Mar 2017 17:52:27 -0700
From:   vcaputo@...garu.com
To:     Al Viro <viro@...IV.linux.org.uk>
Cc:     hughd@...gle.com, linux-kernel <linux-kernel@...r.kernel.org>,
        linux-mm@...ck.org
Subject: Re: [PATCH] shmem: fix __shmem_file_setup error path leaks

On Mon, Mar 27, 2017 at 10:21:27PM +0100, Al Viro wrote:
> On Mon, Mar 27, 2017 at 10:05:34AM -0700, Vito Caputo wrote:
> > The existing path and memory cleanups appear to be in reverse order, and
> > there's no iput() potentially leaking the inode in the last two error gotos.
> > 
> > Also make put_memory shmem_unacct_size() conditional on !inode since if we
> > entered cleanup at put_inode, shmem_evict_inode() occurs via
> > iput()->iput_final(), which performs the shmem_unacct_size() for us.
> > 
> > Signed-off-by: Vito Caputo <vcaputo@...garu.com>
> > ---
> > 
> > This caught my eye while looking through the memfd_create() implementation.
> > Included patch was compile tested only...
> 
> Obviously so, since you've just introduced a double iput() there.  After
>         d_instantiate(path.dentry, inode);
> dropping the reference to path.dentry (done by path_put(&path)) will drop
> the reference to inode transferred into that dentry by d_instantiate().
> NAK.

I see, so it's correct as-is, thanks for the review and apologies for the
noise!

Cheers,
Vito Caputo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ