lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210908062603.6723-1-cymi20@fudan.edu.cn>
Date:   Wed,  8 Sep 2021 14:26:03 +0800
From:   Chenyuan Mi <cymi20@...an.edu.cn>
To:     unlisted-recipients:; (no To-header on input)
Cc:     yuanxzhang@...an.edu.cn, Chenyuan Mi <cymi20@...an.edu.cn>,
        Xiyu Yang <xiyuyang19@...an.edu.cn>,
        Xin Tan <tanxin.ctf@...il.com>, Mark Fasheh <mark@...heh.com>,
        Joel Becker <jlbec@...lplan.org>,
        Joseph Qi <joseph.qi@...ux.alibaba.com>,
        ocfs2-devel@....oracle.com, linux-kernel@...r.kernel.org
Subject: [PATCH] ocfs2: Fix handle refcount leak in two exception handling paths

The reference counting issue happens in two exception handling 
paths of ocfs2_replay_truncate_records(). When executing these 
two exception handling paths, the function forgets to decrease 
the refcount of handle increased by ocfs2_start_trans(), causing 
a refcount leak.

Fix this issue by using ocfs2_commit_trans() to decrease the 
refcount of handle in two handling paths.

Signed-off-by: Chenyuan Mi <cymi20@...an.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@...an.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@...il.com>

---
 fs/ocfs2/alloc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c
index f1cc8258d34a..b87960cdda0d 100644
--- a/fs/ocfs2/alloc.c
+++ b/fs/ocfs2/alloc.c
@@ -5941,7 +5941,7 @@ static int ocfs2_replay_truncate_records(struct ocfs2_super *osb,
 						 OCFS2_JOURNAL_ACCESS_WRITE);
 		if (status < 0) {
 			mlog_errno(status);
-			goto bail;
+			goto bail_commit;
 		}
 
 		tl->tl_used = cpu_to_le16(i);
@@ -5965,7 +5965,7 @@ static int ocfs2_replay_truncate_records(struct ocfs2_super *osb,
 						     num_clusters);
 			if (status < 0) {
 				mlog_errno(status);
-				goto bail;
+				goto bail_commit;
 			}
 		}
 
@@ -5975,6 +5975,8 @@ static int ocfs2_replay_truncate_records(struct ocfs2_super *osb,
 
 	osb->truncated_clusters = 0;
 
+bail_commit:
+	ocfs2_commit_trans(osb, handle);
 bail:
 	return status;
 }
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ