Re: [Devel] [PATCH] ext4: release leaked posix acl in ext4_xattr_set_acl

Wed, 07 Feb 2018 05:53:59 -0800 

Stanislav Kinsburskiy <skinsbur...@virtuozzo.com> writes:

> Posix acl is used to convert of an extended attribute, provided by user to
> ext4 attributes. In particular to I-mode in case of ACL_TYPE_ACCESS request.
> IOW, this object is allocated, used for convertion, not stored anywhere and
> must be freed.
> However posix_acl_update_mode() can zerofy the pointer to support
> ext4_set_acl() logic, but then the object is leaked.
> So, fix it by releasing new temporary pointer with the same value instead of
> acl pointer.
So you are telling me that:
ext4_xattr_set_acl
L1 acl = posix_acl_from_xattr 
L2 -> ext4_set_acl(handle, inode, type, acl)
L3    ->posix_acl_update_mode(inode, &inode->i_mode, &acl)
      *acl = NULL;
      You are saying that instruction above can affect value at L1?
      HOW? acl passed to ext4_set_acl() by value, so
      posix_acl_update_mode() can affect value only in L2 and L3 but not L1. 

Stas, have you drunk a lousy beer today?
>
> https://jira.sw.ru/browse/PSBM-81384
>
> Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
> ---
>  fs/ext4/acl.c |    8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
> index 917e819..2640d7b 100644
> --- a/fs/ext4/acl.c
> +++ b/fs/ext4/acl.c
> @@ -403,7 +403,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char 
> *name, const void *value,
>  {
>       struct inode *inode = dentry->d_inode;
>       handle_t *handle;
> -     struct posix_acl *acl;
> +     struct posix_acl *acl, *tmp;
>       int error, retries = 0;
>       int update_mode = 0;
>       umode_t mode = inode->i_mode;
> @@ -416,7 +416,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char 
> *name, const void *value,
>               return -EPERM;
>  
>       if (value) {
> -             acl = posix_acl_from_xattr(&init_user_ns, value, size);
> +             acl = tmp = posix_acl_from_xattr(&init_user_ns, value, size);
>               if (IS_ERR(acl))
>                       return PTR_ERR(acl);
>               else if (acl) {
> @@ -425,7 +425,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char 
> *name, const void *value,
>                               goto release_and_out;
>               }
>       } else
> -             acl = NULL;
> +             acl = tmp = NULL;
>  
>  retry:
>       handle = ext4_journal_start(inode, EXT4_HT_XATTR,
> @@ -452,7 +452,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char 
> *name, const void *value,
>               goto retry;
>  
>  release_and_out:
> -     posix_acl_release(acl);
> +     posix_acl_release(tmp);
>       return error;
>  }
>

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to