Possible Bug
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Mar 31 13:22:17 EDT 2016
On Thu, 31 Mar 2016 13:55:57 -0230, nick said:
> >>> In the fs/file_table.c file as from the root directory of your kernel tree change in the function,
> >>> get_empty_flip change these lines:
> >>> if (unlikely(error)) {
> >>> file_free(f);
> >>> return ERR_PTR(error);
> >>> }
> >>> to:
> >>> if (unlikely(error))
> >>> return ERR_PTR(error);
> >>> and tell me if that fixes your issue.
> >>> Nick
This is an incorrect fix, as the crash happens in security_file_alloc() -
before it ever even *reaches* the if statement.
In addition, you just leaked a reference on f->f_cred by
bypassing the put_cred() that file_free() calls.
If this happens to work, it's by accident, and is merely papering over
a more serious problem.
Spotting the reference leak is (or should have been) a 3 or 5 minute task -
look at the code, see there's a get_FOO() call, and ask where the matching
put_FOO() is. There's a get_cred() you need to have hit to get here - so
*somebody* needs to do a put_cred(). And then looking at the body of
file_free() *should* have shown you that your proposed fix is incredibly
incorrect.
Seriously Nick - please stop this. You're detracting from valuable developer
resources by submitting these incorrect fixes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20160331/86f8dcff/attachment.bin
More information about the Kernelnewbies
mailing list