Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754386AbbLEREs (ORCPT <rfc822;w@1wt.eu>);
	Sat, 5 Dec 2015 12:04:48 -0500
Received: from aserp1040.oracle.com ([141.146.126.69]:28478 "EHLO
	aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754106AbbLEREr (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Sat, 5 Dec 2015 12:04:47 -0500
From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
To: lkml <linux-kernel@vger.kernel.org>
Cc: Vegard Nossum <vegard.nossum@oracle.com>,
        Sasha Levin <sasha.levin@oracle.com>, Jan Kara <jack@suse.cz>,
        Quentin Casasnovas <quentin.casasnovas@oracle.com>
Subject: [PATCH] isofs: memory leaks when reading corrupted filesystems.
Date: Sat,  5 Dec 2015 18:05:42 +0100
Message-Id: <1449335142-6798-1-git-send-email-quentin.casasnovas@oracle.com>
X-Mailer: git-send-email 2.4.9
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1696
Lines: 51

Vegard and I found that when a directory on isofs is corrupted, we are not
releasing the associated buffer_head, leading to a memory leak.  This was
introduced by:

 2deb1acc653c ("isofs: fix access to unallocated memory when reading corrupted filesystem")

This was found by fuzzing.

Cc: <stable@vger.kernel.org>
Cc: Jan Kara <jack@suse.cz>
Fixes: 2deb1acc653c ("isofs: fix access to unallocated memory when reading...")
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Tested-by: Vegard Nossum <vegard.nossum@oracle.com>
---
 fs/isofs/dir.c   | 1 +
 fs/isofs/namei.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/fs/isofs/dir.c b/fs/isofs/dir.c
index b943cbd..2e7d74c 100644
--- a/fs/isofs/dir.c
+++ b/fs/isofs/dir.c
@@ -151,6 +151,7 @@ static int do_isofs_readdir(struct inode *inode, struct file *file,
 			printk(KERN_NOTICE "iso9660: Corrupted directory entry"
 			       " in block %lu of inode %lu\n", block,
 			       inode->i_ino);
+			brelse(bh);
 			return -EIO;
 		}
 
diff --git a/fs/isofs/namei.c b/fs/isofs/namei.c
index 7b543e6..696f255 100644
--- a/fs/isofs/namei.c
+++ b/fs/isofs/namei.c
@@ -101,6 +101,7 @@ isofs_find_entry(struct inode *dir, struct dentry *dentry,
 			printk(KERN_NOTICE "iso9660: Corrupted directory entry"
 			       " in block %lu of inode %lu\n", block,
 			       dir->i_ino);
+			brelse(bh);
 			return 0;
 		}
 
-- 
2.4.9

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/