Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1865687ybh; Tue, 14 Jul 2020 09:15:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzro1rn3grdWrRDL9bD361ORdnkjjnH98gjVikmgLObFlWEfKytBShHAS1WlfnKQZZ8Ix17 X-Received: by 2002:a17:906:6446:: with SMTP id l6mr5414686ejn.184.1594743324918; Tue, 14 Jul 2020 09:15:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594743324; cv=none; d=google.com; s=arc-20160816; b=msl3bjoWsOuSZe2N31DVbgQBG2R8++TZSoMqjLWpSl1N+agUccqma3oFlt2H/JCFu1 HCP5XCnFhXUaVdKZUp0J8ttScAIKwQ5u00I+859qiUbTniVBH+C+kSrQClRYkydCcTeo qJ82KlrLhZGMAXfj73MIsWRL2J/Bh3J0BLFdHj+XEfEdiuAdi524HHuM2mUJ0DkMNeJ0 Ic6dW6osKnZ7l8PxMoqjYw4aGVB362Orb/LItFDdJp8a5dArIvtgL9gZ6tlb1qJm2j4H T5qKWSARNlV+n4z4qMICphME1649f0gZ7rVWeBYR2LhZyTZGQcvKLvBgW2i7G7EzpLjv aVpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:to :from; bh=BTOPFu68BFovAcAa3WnVsKIXTj5/j7UvOQUtfMn4yk8=; b=tcolq8M5Jvs67sKrXGdYLNuh1eTLdUquiJXE0cjQEoHM7v3ESk9gjgH/IuCC2jS5iC Da4fxHslHO3ZZxOr4R0yDtetq17Ez6gbTwqzSaqbSWUOe5E9YhpmnjDteSSuG4r0mGRk gArTDTntpDLrI0JrT354im0sezDAVJgllm1eZA2+9p6L4gvk8DR5wcvSVmr+kpGqUBSG beKtqvFmZz0Xn/c7k68fr5/EKr50LvryzRkiwubdjaYCkv+4+Zy5YPQEAcLdxT8tbK8f rjg4IOqt16ZbQ7nWL5XGQYiym4pTQm3zr+sb/NZ9xdFzSVhLSk2IPaA5pdSKV2UFLshF RCkQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y2si11991094edp.396.2020.07.14.09.15.01; Tue, 14 Jul 2020 09:15:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727898AbgGNQM0 (ORCPT + 99 others); Tue, 14 Jul 2020 12:12:26 -0400 Received: from mail5.windriver.com ([192.103.53.11]:52440 "EHLO mail5.wrs.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725890AbgGNQM0 (ORCPT ); Tue, 14 Jul 2020 12:12:26 -0400 Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com [147.11.189.40]) by mail5.wrs.com (8.15.2/8.15.2) with ESMTPS id 06EGBTsF000671 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 14 Jul 2020 09:12:16 -0700 Received: from pek-lpggp1.wrs.com (128.224.153.74) by ALA-HCA.corp.ad.wrs.com (147.11.189.40) with Microsoft SMTP Server id 14.3.487.0; Tue, 14 Jul 2020 09:12:05 -0700 From: To: , Subject: [PATCH] userfaultfd: avoid the duplicated release for userfaultfd_ctx Date: Wed, 15 Jul 2020 00:12:03 +0800 Message-ID: <20200714161203.31879-1-yanfei.xu@windriver.com> X-Mailer: git-send-email 2.18.2 MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yanfei Xu when get_unused_fd_flags gets failure, userfaultfd_ctx_cachep will be freed by userfaultfd_fops's release function which is the userfaultfd_release. So we could return directly after fput(). userfaultfd_release()->userfaultfd_ctx_put(ctx) Fixes: d08ac70b1e0d (Wire UFFD up to SELinux) Reported-by: syzbot+75867c44841cb6373570@syzkaller.appspotmail.com Signed-off-by: Yanfei Xu --- fs/userfaultfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 3a4d6ac5a81a..e98317c15530 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -2049,7 +2049,7 @@ SYSCALL_DEFINE1(userfaultfd, int, flags) fd = get_unused_fd_flags(O_RDONLY | O_CLOEXEC); if (fd < 0) { fput(file); - goto out; + return fd; } ctx->owner = file_inode(file); -- 2.18.2