lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200828092119.GE7072@quack2.suse.cz>
Date:   Fri, 28 Aug 2020 11:21:19 +0200
From:   Jan Kara <jack@...e.cz>
To:     Dinghao Liu <dinghao.liu@....edu.cn>
Cc:     kjlu@....edu, Theodore Ts'o <tytso@....edu>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ext4: Fix memleak in add_new_gdb

On Thu 27-08-20 14:28:43, Dinghao Liu wrote:
> When ext4_journal_get_write_access() fails, we should release
> n_group_desc, iloc.bh, dind and gdb_bh to prevent memleak.
> It's the same when ext4_handle_dirty_super() fails, but we
> don't need to release dind here because it has been released
> before.
> 
> Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>

Thanks for the patch! Some comments below:

> diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
> index a50b51270ea9..efc0a022ca8e 100644
> --- a/fs/ext4/resize.c
> +++ b/fs/ext4/resize.c
> @@ -843,8 +843,10 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
>  
>  	BUFFER_TRACE(dind, "get_write_access");
>  	err = ext4_journal_get_write_access(handle, dind);
> -	if (unlikely(err))
> +	if (unlikely(err)) {
>  		ext4_std_error(sb, err);
> +		goto errout;
> +	}

This hunk looks good.

> @@ -899,13 +901,17 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
>  
>  	le16_add_cpu(&es->s_reserved_gdt_blocks, -1);
>  	err = ext4_handle_dirty_super(handle, sb);
> -	if (err)
> +	if (err) {
>  		ext4_std_error(sb, err);
> +		goto errsuper;
> +	}
> +
>  	return err;
>  errout:
> +	brelse(dind);
> +errsuper:

But this is definitely wrong. Look, n_group_desc and gdb_bh are already
referenced from the superblock so you cannot free them, iloc.bh has been
released in ext4_mark_iloc_dirty().

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ