| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 May 2017 10:49:16 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Masami Ichikawa <masami256@...il.com>
Cc: "Serge E. Hallyn" <serge@...lyn.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
containers@...ts.linux-foundation.org, lkp@...org,
xiaolong.ye@...el.com, LKML <linux-kernel@...r.kernel.org>
Subject: Re: 64fa03de33: BUG:Dentry_still_in_use
Quoting Masami Ichikawa (masami256@...il.com):
> On Mon, May 8, 2017 at 1:44 PM, Serge E. Hallyn <serge@...lyn.com> wrote:
> > From 6a3fb632f67f8425c6e76c65dad8115f1550d2a0 Mon Sep 17 00:00:00 2001
> > From: Serge Hallyn <serge@...lyn.com>
> > Date: Sun, 7 May 2017 23:40:42 -0500
> > Subject: [PATCH 1/1] cap_inode_getsecurity: don't pin dentry (fold up)
> >
> > This should fix the "Dentry_still_in_use" reported by the kernel
> > test robot.
> >
> > Signed-off-by: Serge Hallyn <serge@...lyn.com>
> > ---
> > security/commoncap.c | 27 +++++++++++++++------------
> > 1 file changed, 15 insertions(+), 12 deletions(-)
> >
> > diff --git a/security/commoncap.c b/security/commoncap.c
> > index a1a2935..c970b71 100644
> > --- a/security/commoncap.c
> > +++ b/security/commoncap.c
> > @@ -406,21 +406,21 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
> > &tmpbuf, size, GFP_NOFS);
> >
> > if (ret < 0)
> > - return ret;
> > + goto out;
> >
> > fs_ns = inode->i_sb->s_user_ns;
> > cap = (struct vfs_cap_data *) tmpbuf;
> > if (is_v2header(ret, cap->magic_etc)) {
> > /* If this is sizeof(vfs_cap_data) then we're ok with the
> > * on-disk value, so return that. */
> > - if (alloc)
> > + if (alloc) {
> > *buffer = tmpbuf;
> > - else
> > - kfree(tmpbuf);
> > - return ret;
> > + tmpbuf = NULL;
> > + }
> > + goto out;
> > } else if (!is_v3header(ret, cap->magic_etc)) {
> > - kfree(tmpbuf);
> > - return -EINVAL;
> > + ret = -EINVAL;
> > + goto out;
> > }
> >
> > nscap = (struct vfs_ns_cap_data *) tmpbuf;
> > @@ -434,14 +434,14 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
> > if (alloc) {
> > *buffer = tmpbuf;
> > nscap->rootid = cpu_to_le32(mappedroot);
> > - } else
> > - kfree(tmpbuf);
> > - return size;
> > + tmpbuf = NULL;
> > + }
> > + goto out;
> > }
> >
> > if (!rootid_owns_currentns(kroot)) {
> > - kfree(tmpbuf);
> > - return -EOPNOTSUPP;
> > + ret = -EOPNOTSUPP;
> > + goto out;
> > }
> >
> > /* This comes from a parent namespace. Return as a v2 capability */
> > @@ -459,6 +459,9 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
> > cap->magic_etc = cpu_to_le32(magic);
> > }
> > }
> > +
> > +out:
> > + dput(dentry);
> > kfree(tmpbuf);
> > return size;
>
> If ret is set to some error code, e.g. -EINVAL, then jump to out
> label, this function should return error code, doesn't it?
D'oh, yes.
Sorry, I'd wanted to ack the fact that there was a real bug before I went to bed.
I'll send a proper patch tonight.
Powered by blists - more mailing lists