dump_vma_snapshot() allocs memory for *vma_meta, when dump_vma_snapshot()
returns -EFAULT, the memory will be leaked, so we free it correctly.
Fixes: a07279c9a8cd7 ("binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot")
Cc: [email protected] # v5.10
Signed-off-by: QiuXi <[email protected]>
---
fs/coredump.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 07afb5ddb1c4..19fe5312c10f 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1127,8 +1127,10 @@ int dump_vma_snapshot(struct coredump_params *cprm, int *vma_count,
mmap_write_unlock(mm);
- if (WARN_ON(i != *vma_count))
+ if (WARN_ON(i != *vma_count)) {
+ kvfree(*vma_meta);
return -EFAULT;
+ }
*vma_data_size_ptr = vma_data_size;
return 0;
--
2.12.3
On Tue, Aug 10, 2021 at 4:04 AM QiuXi <[email protected]> wrote:
> dump_vma_snapshot() allocs memory for *vma_meta, when dump_vma_snapshot()
> returns -EFAULT, the memory will be leaked, so we free it correctly.
The change itself looks reasonable to me.
> Fixes: a07279c9a8cd7 ("binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot")
> Cc: [email protected] # v5.10
But I think this shouldn't be "Cc: stable". The patch only removes a
memory leak in a WARN_ON() path, and that WARN_ON() path can only be
taken if there is a kernel bug; if we reach this branch, there's a
good chance that kernel memory corruption has already occurred.
> Signed-off-by: QiuXi <[email protected]>
> ---
> fs/coredump.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/coredump.c b/fs/coredump.c
> index 07afb5ddb1c4..19fe5312c10f 100644
> --- a/fs/coredump.c
> +++ b/fs/coredump.c
> @@ -1127,8 +1127,10 @@ int dump_vma_snapshot(struct coredump_params *cprm, int *vma_count,
>
> mmap_write_unlock(mm);
>
> - if (WARN_ON(i != *vma_count))
> + if (WARN_ON(i != *vma_count)) {
> + kvfree(*vma_meta);
> return -EFAULT;
> + }
>
> *vma_data_size_ptr = vma_data_size;
> return 0;
> --
> 2.12.3
>