Date: Thu, 25 Feb 2010 18:49:09 +0800
Message-ID: <7b6bb4a51002250249t7e4f03c9r6b2b9a8f348a29aa@mail.gmail.com>
Subject: Re: [PATCH 6/6] mqueue: fix mq_open() file descriptor leak on user-space processes
From: Xiaotian Feng
To: Américo Wang
Cc: André Goddard Rosa, Andrew Morton, "Serge E. Hallyn", Cedric Le Goater, Al Viro, linux-kernel@vger.kernel.org

On Thu, Feb 25, 2010 at 2:59 PM, Américo Wang wrote:
> On Thu, Feb 25, 2010 at 12:25 PM, Américo Wang wrote:
>> On Thu, Feb 25, 2010 at 12:00 PM, Xiaotian Feng wrote:
>>> 2010/2/25 Américo Wang:
>>>> On Tue, Feb 23, 2010 at 3:04 PM, André Goddard Rosa
>>>> wrote:
>>>>> It can be triggered by the following test program:
>>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> When not running valgrind, user-space program segfaults trying to execute
>>>>> strerror(errno). With valgrind, it executes successfully and prints the
>>>>> 5 open files: stdin, stdout, stderr, pipe[0] and pipe[1].
>>>>>
>>>>> Signed-off-by: André Goddard Rosa
>>>>> ---
>>>>
>>>> The code has more than just this problem, could you please try
>>>> my patch below?
>>>>
>>>> Thanks.
>>>>
>>>> ---------------------------->
>>>>
>>>> Clean up the failure path of sys_mq_open().
>>>>
>>>> Reorder the goto labels;
>>>> Rename 'upsem' to 'upunlock';
>>>> Remove some unused labels;
>>>> Fix some wrong goto path.
>>>>
>>>
>>> I think it's wrong to move dput after mntput
>>
>> Oh, this is to say mntget() should be called before lookup_one_len(),
>> the original code seems wrong again...
>>
>
> How about the one below?

This is definitely wrong,

 	if (IS_ERR(filp)) {
 		error = PTR_ERR(filp);
-		goto out_putfd;
+		goto out;
 	}

filp is assigned by do_open or do_create in mqueue.c, take a look at
the code, if do_open/do_create fails, the kernel has already done dput &
mntput...

So I think the original patch from André is enough....
> ---------
>
> Signed-off-by: WANG Cong
> --
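
Review bot: in the if (IS_ERR(filp)) branch, retargeting the error path from out_putfd to out changes which cleanup runs after do_open()/do_create() fails, but neither label's body is visible here and the changelog line "Fix some wrong goto path" does not say which references are still held at this point. The reply above states that do_open/do_create have already done dput and mntput on failure; if that holds, this branch should reach only a label that releases the descriptor and nothing else. Suggest naming each label after what it releases and adding a short comment at this branch recording that the callee drops the dentry and mount references on error, so the ownership rule is checkable from the code rather than from the thread.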