From: Yanfei Xu <[email protected]>
when get_unused_fd_flags gets failure, userfaultfd_ctx_cachep will
be freed by userfaultfd_fops's release function which is the
userfaultfd_release. So we could return directly after fput().
userfaultfd_release()->userfaultfd_ctx_put(ctx)
Fixes: d08ac70b1e0d (Wire UFFD up to SELinux)
Reported-by: [email protected]
Signed-off-by: Yanfei Xu <[email protected]>
---
fs/userfaultfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 3a4d6ac5a81a..e98317c15530 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -2049,7 +2049,7 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
if (fd < 0) {
fput(file);
- goto out;
+ return fd;
}
ctx->owner = file_inode(file);
--
2.18.2
Add maintainer Alexander Viro :)
On 7/15/20 12:12 AM, [email protected] wrote:
> From: Yanfei Xu <[email protected]>
>
> when get_unused_fd_flags gets failure, userfaultfd_ctx_cachep will
> be freed by userfaultfd_fops's release function which is the
> userfaultfd_release. So we could return directly after fput().
>
> userfaultfd_release()->userfaultfd_ctx_put(ctx)
>
> Fixes: d08ac70b1e0d (Wire UFFD up to SELinux)
> Reported-by: [email protected]
> Signed-off-by: Yanfei Xu <[email protected]>
> ---
> fs/userfaultfd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index 3a4d6ac5a81a..e98317c15530 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -2049,7 +2049,7 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
> fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
> if (fd < 0) {
> fput(file);
> - goto out;
> + return fd;
> }
>
> ctx->owner = file_inode(file);
>
ping Al Viro
Could you please help to review this patch? Thanks a lot.
Yanfei
On 7/15/20 12:12 AM, [email protected] wrote:
> From: Yanfei Xu <[email protected]>
>
> when get_unused_fd_flags gets failure, userfaultfd_ctx_cachep will
> be freed by userfaultfd_fops's release function which is the
> userfaultfd_release. So we could return directly after fput().
>
> userfaultfd_release()->userfaultfd_ctx_put(ctx)
>
> Fixes: d08ac70b1e0d (Wire UFFD up to SELinux)
> Reported-by: [email protected]
> Signed-off-by: Yanfei Xu <[email protected]>
> ---
> fs/userfaultfd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index 3a4d6ac5a81a..e98317c15530 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -2049,7 +2049,7 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
> fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC);
> if (fd < 0) {
> fput(file);
> - goto out;
> + return fd;
> }
>
> ctx->owner = file_inode(file);
>
On Sun, Jul 19, 2020 at 09:58:34PM +0800, Xu, Yanfei wrote:
> ping Al Viro
>
> Could you please help to review this patch? Thanks a lot.
That's -next, right? As for the patch itself... Frankly,
Daniel's patch looks seriously wrong.
* why has O_CLOEXEC been quietly smuggled in? It's
a userland ABI change, for fsck sake...
* the double-put you've spotted
* the whole out: thing - just make it
if (IS_ERR(file)) {
userfaultfd_ctx_put(ctx);
return PTR_ERR(file);
}
and be done with that.
On 7/20/20 12:57 AM, Al Viro wrote:
> On Sun, Jul 19, 2020 at 09:58:34PM +0800, Xu, Yanfei wrote:
>> ping Al Viro
>>
>> Could you please help to review this patch? Thanks a lot.
>
> That's -next, right? As for the patch itself... Frankly,
Yes, it's -next.
> Daniel's patch looks seriously wrong.
Get it.
Regards,
Yanfei
> * why has O_CLOEXEC been quietly smuggled in? It's
> a userland ABI change, for fsck sake...
> * the double-put you've spotted
> * the whole out: thing - just make it
> if (IS_ERR(file)) {
> userfaultfd_ctx_put(ctx);
> return PTR_ERR(file);
> }
> and be done with that.
>
On Sun, Jul 19, 2020 at 6:34 PM Xu, Yanfei <[email protected]> wrote:
>
>
>
> On 7/20/20 12:57 AM, Al Viro wrote:
> > On Sun, Jul 19, 2020 at 09:58:34PM +0800, Xu, Yanfei wrote:
> >> ping Al Viro
> >>
> >> Could you please help to review this patch? Thanks a lot.
> >
> > That's -next, right? As for the patch itself... Frankly,
> Yes, it's -next.
> > Daniel's patch looks seriously wrong.
> Get it.
>
> Regards,
> Yanfei
> > * why has O_CLOEXEC been quietly smuggled in? It's
> > a userland ABI change, for fsck sake...
> > * the double-put you've spotted
> > * the whole out: thing - just make it
> > if (IS_ERR(file)) {
> > userfaultfd_ctx_put(ctx);
> > return PTR_ERR(file);
> > }
> > and be done with that.
> >
Adding Lokesh to take a look.