Fix a mutex_unlock() issue where before copy_from_user() is
not called mutex_locked.
Fixes: 4b1a29a7f542 ("error-injection: Support fault injection framework")
Reported-by: Hulk Robot <[email protected]>
Signed-off-by: Luo Meng <[email protected]>
---
kernel/fail_function.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/fail_function.c b/kernel/fail_function.c
index 63b349168da7..b0b1ad93fa95 100644
--- a/kernel/fail_function.c
+++ b/kernel/fail_function.c
@@ -253,7 +253,7 @@ static ssize_t fei_write(struct file *file, const char __user *buffer,
if (copy_from_user(buf, buffer, count)) {
ret = -EFAULT;
- goto out;
+ goto out_free;
}
buf[count] = '\0';
sym = strstrip(buf);
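Review bot: the changelog should say why the copy_from_user() failure path at the changed goto must not reach mutex_unlock(&fei_lock). As written ("where before copy_from_user() is not called mutex_locked") it is hard to parse. Something like "fei_lock is not yet held when copy_from_user() fails, so jumping to out unlocks a mutex that was never locked" states the bug directly and makes the Fixes: tag easier to evaluate.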
@@ -307,8 +307,9 @@ static ssize_t fei_write(struct file *file, const char __user *buffer,
ret = count;
}
out:
- kfree(buf);
mutex_unlock(&fei_lock);
+out_free:
+ kfree(buf);
return ret;
}
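Review bot: kfree(buf) now runs after mutex_unlock(&fei_lock), so the buffer is freed outside the critical section on every path that goes through out:, not only on the early -EFAULT exit. sym = strstrip(buf) in the first hunk points into buf, so please confirm that nothing kept under fei_lock retains sym (or any other pointer into buf) once the lock is dropped. If that holds, a short sentence in the changelog saying the reordering is intentional would help.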
--
2.25.4
Hi Luo,
On Tue, 10 Nov 2020 16:42:45 +0800
Luo Meng <[email protected]> wrote:
> Fix a mutex_unlock() issue where before copy_from_user() is
> not called mutex_locked.
Oops, thank you for the fix.
Acked-by: Masami Hiramatsu <[email protected]>
--
Masami Hiramatsu <[email protected]>
On Wed, Nov 11, 2020 at 1:31 AM Masami Hiramatsu <[email protected]> wrote:
>
> Hi Luo,
>
> On Tue, 10 Nov 2020 16:42:45 +0800
> Luo Meng <[email protected]> wrote:
>
> > Fix a mutex_unlock() issue where before copy_from_user() is
> > not called mutex_locked.
>
> Oops, thank you for the fix.
>
> Acked-by: Masami Hiramatsu <[email protected]>
Did anyone pick this up?
If not, please resend cc-ing bpf@vger so it can get into patchwork and
be processed by bpf maintainers.
Thanks!
Hi,
On Tue, 17 Nov 2020 20:08:08 -0800
Alexei Starovoitov <[email protected]> wrote:
> On Wed, Nov 11, 2020 at 1:31 AM Masami Hiramatsu <[email protected]> wrote:
> >
> > Hi Luo,
> >
> > On Tue, 10 Nov 2020 16:42:45 +0800
> > Luo Meng <[email protected]> wrote:
> >
> > > Fix a mutex_unlock() issue where before copy_from_user() is
> > > not called mutex_locked.
> >
> > Oops, thank you for the fix.
> >
> > Acked-by: Masami Hiramatsu <[email protected]>
>
> Did anyone pick this up?
> If not, please resend cc-ing bpf@vger so it can get into patchwork and
> be processed by bpf maintainers.
OK, I'll resend this to the bpf@vger.
Thank you,
--
Masami Hiramatsu <[email protected]>
From: Luo Meng <[email protected]>
Fix a mutex_unlock() issue where before copy_from_user() is
not called mutex_locked.
Fixes: 4b1a29a7f542 ("error-injection: Support fault injection framework")
Reported-by: Hulk Robot <[email protected]>
Acked-by: Masami Hiramatsu <[email protected]>
Signed-off-by: Luo Meng <[email protected]>
Signed-off-by: Masami Hiramatsu <[email protected]>
---
0 files changed
diff --git a/kernel/fail_function.c b/kernel/fail_function.c
index 63b349168da7..b0b1ad93fa95 100644
--- a/kernel/fail_function.c
+++ b/kernel/fail_function.c
@@ -253,7 +253,7 @@ static ssize_t fei_write(struct file *file, const char __user *buffer,
if (copy_from_user(buf, buffer, count)) {
ret = -EFAULT;
- goto out;
+ goto out_free;
}
buf[count] = '\0';
sym = strstrip(buf);
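Review bot: buf[count] = '\0' in the context right after the changed goto writes at index count, one past the count bytes that copy_from_user() fills. The allocation of buf is not visible in this hunk, so while this path is being touched it is worth confirming that buf is allocated with room for count + 1 bytes.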
@@ -307,8 +307,9 @@ static ssize_t fei_write(struct file *file, const char __user *buffer,
ret = count;
}
out:
- kfree(buf);
mutex_unlock(&fei_lock);
+out_free:
+ kfree(buf);
return ret;
}
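Review bot: with two exit labels, out: no longer says what it undoes. Renaming it to out_unlock (and keeping out_free for the exit taken before the lock) would make it clear at each goto whether fei_lock is held, which is exactly the distinction this fix depends on. The fall-through from out: into out_free: is fine as is.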
Hello:
This patch was applied to bpf/bpf.git (refs/heads/master):
On Wed, 18 Nov 2020 22:49:31 +0900 you wrote:
> From: Luo Meng <[email protected]>
>
> Fix a mutex_unlock() issue where before copy_from_user() is
> not called mutex_locked.
>
> Fixes: 4b1a29a7f542 ("error-injection: Support fault injection framework")
> Reported-by: Hulk Robot <[email protected]>
> Acked-by: Masami Hiramatsu <[email protected]>
> Signed-off-by: Luo Meng <[email protected]>
> Signed-off-by: Masami Hiramatsu <[email protected]>
>
> [...]
Here is the summary with links:
- fail_function: remove a redundant mutex unlock
https://git.kernel.org/bpf/bpf/c/891515d945a3
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html