If ->follow_link handler return the error, it should decrement
nd->path refcnt. But, ecryptfs_follow_link() doesn't decrement.
This patch fix it by using usual nd_set_link() style error handling,
instead of playing with nd->path.
Signed-off-by: OGAWA Hirofumi <[email protected]>
---
fs/ecryptfs/inode.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff -puN fs/ecryptfs/inode.c~namei-ecryptfs-follow_link-fix fs/ecryptfs/inode.c
--- linux-2.6/fs/ecryptfs/inode.c~namei-ecryptfs-follow_link-fix 2010-01-12 00:15:10.000000000 +0900
+++ linux-2.6-hirofumi/fs/ecryptfs/inode.c 2010-01-12 00:15:10.000000000 +0900
@@ -715,7 +715,7 @@ static void *ecryptfs_follow_link(struct
/* Released in ecryptfs_put_link(); only release here on error */
buf = kmalloc(len, GFP_KERNEL);
if (!buf) {
- rc = -ENOMEM;
+ buf = ERR_PTR(-ENOMEM);
goto out;
}
old_fs = get_fs();
@@ -723,23 +723,22 @@ static void *ecryptfs_follow_link(struct
rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
set_fs(old_fs);
if (rc < 0)
- goto out_free;
+ buf = ERR_PTR(rc);
else
buf[rc] = '\0';
- rc = 0;
- nd_set_link(nd, buf);
- goto out;
-out_free:
- kfree(buf);
out:
- return ERR_PTR(rc);
+ nd_set_link(nd, buf);
+ return NULL;
}
static void
ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
{
- /* Free the char* */
- kfree(nd_get_link(nd));
+ char *buf = nd_get_link(nd);
+ if (!IS_ERR(buf)) {
+ /* Free the char* */
+ kfree(buf);
+ }
}
/**
_
--
OGAWA Hirofumi <[email protected]>
On Tue, Jan 12, 2010 at 03:36:14AM +0900, OGAWA Hirofumi wrote:
>
> If ->follow_link handler return the error, it should decrement
> nd->path refcnt. But, ecryptfs_follow_link() doesn't decrement.
>
> This patch fix it by using usual nd_set_link() style error handling,
> instead of playing with nd->path.
Applied.
Al Viro <[email protected]> writes:
> On Tue, Jan 12, 2010 at 03:36:14AM +0900, OGAWA Hirofumi wrote:
>>
>> If ->follow_link handler return the error, it should decrement
>> nd->path refcnt. But, ecryptfs_follow_link() doesn't decrement.
>>
>> This patch fix it by using usual nd_set_link() style error handling,
>> instead of playing with nd->path.
>
> Applied.
Sigh, sorry. I introduced new bug by this patch. Please apply this too.
--
OGAWA Hirofumi <[email protected]>
[PATCH] ecryptfs: Fix memory leak of buf in ecryptfs_follow_link()
Fix memory leak of buf in ecryptfs_follow_link() in recent my change.
Signed-off-by: OGAWA Hirofumi <[email protected]>
---
fs/ecryptfs/inode.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff -puN fs/ecryptfs/inode.c~namei-ecryptfs-follow_link-fix-fix fs/ecryptfs/inode.c
--- linux-2.6/fs/ecryptfs/inode.c~namei-ecryptfs-follow_link-fix-fix 2010-01-14 05:33:49.000000000 +0900
+++ linux-2.6-hirofumi/fs/ecryptfs/inode.c 2010-01-14 05:34:30.000000000 +0900
@@ -722,9 +722,10 @@ static void *ecryptfs_follow_link(struct
set_fs(get_ds());
rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
set_fs(old_fs);
- if (rc < 0)
+ if (rc < 0) {
+ kfree(buf);
buf = ERR_PTR(rc);
- else
+ } else
buf[rc] = '\0';
out:
nd_set_link(nd, buf);
_
On Thu, Jan 14, 2010 at 12:32:13PM +0900, OGAWA Hirofumi wrote:
> Al Viro <[email protected]> writes:
>
> > On Tue, Jan 12, 2010 at 03:36:14AM +0900, OGAWA Hirofumi wrote:
> >>
> >> If ->follow_link handler return the error, it should decrement
> >> nd->path refcnt. But, ecryptfs_follow_link() doesn't decrement.
> >>
> >> This patch fix it by using usual nd_set_link() style error handling,
> >> instead of playing with nd->path.
> >
> > Applied.
>
> Sigh, sorry. I introduced new bug by this patch. Please apply this too.
I'll fold it. BTW, while we are at it, there's a leak in configfs/symlink.c
get_target() as well ;-/