[PATCH OLK-5.10 0/2] ubifs mainline bugfix patch backport
ISSUE: https://gitee.com/openeuler/kernel/issues/I7JO0G 1. ubifs: Fix memory leak in do_rename 2. ubifs: Free memory for tmpfile name Mårten Lindahl (2): ubifs: Free memory for tmpfile name ubifs: Fix memory leak in do_rename fs/ubifs/dir.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) -- 2.31.1
From: Mårten Lindahl <marten.lindahl@axis.com> mainline inclusion from mainline-vv6.4-rc1 commit 1fb815b38bb31d6af9bd0540b8652a0d6fe6cfd3 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7JO0G CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- When opening a ubifs tmpfile on an encrypted directory, function fscrypt_setup_filename allocates memory for the name that is to be stored in the directory entry, but after the name has been copied to the directory entry inode, the memory is not freed. When running kmemleak on it we see that it is registered as a leak. The report below is triggered by a simple program 'tmpfile' just opening a tmpfile: unreferenced object 0xffff88810178f380 (size 32): comm "tmpfile", pid 509, jiffies 4294934744 (age 1524.742s) backtrace: __kmem_cache_alloc_node __kmalloc fscrypt_setup_filename ubifs_tmpfile vfs_tmpfile path_openat Free this memory after it has been copied to the inode. Signed-off-by: Mårten Lindahl <marten.lindahl@axis.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com> --- fs/ubifs/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index aedd545886cb..4f75c802a02b 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -490,6 +490,7 @@ static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry, unlock_2_inodes(dir, inode); ubifs_release_budget(c, &req); + fscrypt_free_filename(&nm); return 0; -- 2.31.1
From: Mårten Lindahl <marten.lindahl@axis.com> mainline inclusion from mainline-v6.4-rc1 commit 3a36d20e012903f45714df2731261fdefac900cb category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7JO0G CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- If renaming a file in an encrypted directory, function fscrypt_setup_filename allocates memory for a file name. This name is never used, and before returning to the caller the memory for it is not freed. When running kmemleak on it we see that it is registered as a leak. The report below is triggered by a simple program 'rename' that renames a file in an encrypted directory: unreferenced object 0xffff888101502840 (size 32): comm "rename", pid 9404, jiffies 4302582475 (age 435.735s) backtrace: __kmem_cache_alloc_node __kmalloc fscrypt_setup_filename do_rename ubifs_rename vfs_rename do_renameat2 To fix this we can remove the call to fscrypt_setup_filename as it's not needed. Fixes: 278d9a243635f26 ("ubifs: Rename whiteout atomically") Reported-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Mårten Lindahl <marten.lindahl@axis.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com> --- fs/ubifs/dir.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 4f75c802a02b..33f2da805c97 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -357,7 +357,6 @@ static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry) umode_t mode = S_IFCHR | WHITEOUT_MODE; struct inode *inode; struct ubifs_info *c = dir->i_sb->s_fs_info; - struct fscrypt_name nm; /* * Create an inode('nlink = 1') for whiteout without updating journal, @@ -368,10 +367,6 @@ static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry) dbg_gen("dent '%pd', mode %#hx in dir ino %lu", dentry, mode, dir->i_ino); - err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm); - if (err) - return ERR_PTR(err); - inode = ubifs_new_inode(c, dir, mode, false); if (IS_ERR(inode)) { err = PTR_ERR(inode); @@ -394,7 +389,6 @@ static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry) make_bad_inode(inode); iput(inode); out_free: - fscrypt_free_filename(&nm); ubifs_err(c, "cannot create whiteout file, error %d", err); return ERR_PTR(err); } -- 2.31.1
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/1353 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/L... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/1353 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/L...
participants (2)
-
patchwork bot -
ZhaoLong Wang