[PATCH] btrfs: simplify kmalloc+copy_from_user to memdup_user

2013-10-14 Thread Geyslan G. Bem
Use memdup_user rather than duplicating its implementation
This is a little bit restricted to reduce false positives

The semantic patch that makes this report is available
in scripts/coccinelle/api/memdup_user.cocci.

More information about semantic patching is available at
http://coccinelle.lip6.fr/

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/ioctl.c | 11 +++
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 9d46f60..f0e3517 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2727,15 +2727,10 @@ static long btrfs_ioctl_file_extent_same(struct file 
*file,
size = sizeof(tmp) +
tmp.dest_count * sizeof(struct btrfs_ioctl_same_extent_info);
 
-   same = kmalloc(size, GFP_NOFS);
-   if (!same) {
-   ret = -EFAULT;
-   goto out;
-   }
+   same = memdup_user((struct btrfs_ioctl_same_args __user *)argp, size);
 
-   if (copy_from_user(same,
-  (struct btrfs_ioctl_same_args __user *)argp, size)) {
-   ret = -EFAULT;
+   if (IS_ERR(same)) {
+   ret = PTR_ERR(same);
goto out;
}
 
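Review bot: The buffer is sized from `tmp.dest_count`, but `memdup_user()` fetches the whole argument block from user space a second time, so `same->dest_count` can differ from the count that sized the allocation if the caller rewrites it between the two reads. Unless the code after this hunk only ever uses `tmp.dest_count`, add `same->dest_count = tmp.dest_count;` right after the `IS_ERR()` check so that later indexing of the trailing array stays inside the allocation. Separately, `memdup_user()` takes no gfp argument, so the `GFP_NOFS` of the removed `kmalloc()` is lost; the commit message should say why that is safe on this ioctl path. The enclosing function starts and ends outside the hunk, and the same hunk is reposted further down the page.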
-- 
1.8.4



[PATCH] btrfs: simplify kmalloc+copy_from_user to memdup_user

2013-10-14 Thread Geyslan G. Bem
Use memdup_user rather than duplicating its implementation
This is a little bit restricted to reduce false positives

The semantic patch that makes this report is available
in scripts/coccinelle/api/memdup_user.cocci.

More information about semantic patching is available at
http://coccinelle.lip6.fr/

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/ioctl.c | 11 +++
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 9d46f60..f0e3517 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2727,15 +2727,10 @@ static long btrfs_ioctl_file_extent_same(struct file 
*file,
size = sizeof(tmp) +
tmp.dest_count * sizeof(struct btrfs_ioctl_same_extent_info);
 
-   same = kmalloc(size, GFP_NOFS);
-   if (!same) {
-   ret = -EFAULT;
-   goto out;
-   }
+   same = memdup_user((struct btrfs_ioctl_same_args __user *)argp, size);
 
-   if (copy_from_user(same,
-  (struct btrfs_ioctl_same_args __user *)argp, size)) {
-   ret = -EFAULT;
+   if (IS_ERR(same)) {
+   ret = PTR_ERR(same);
goto out;
}
 
-- 
1.8.4



[PATCH v6] btrfs: Fix memory leakage in the tree-log.c

2013-10-11 Thread Geyslan G. Bem
In add_inode_ref() function:

Initializes local pointers.

Reduces the logical condition with the __add_inode_ref() return
value by using only one 'goto out'.

Centralizes the exiting, ensuring the freeing of all used memory.

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/tree-log.c | 33 +++--
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 79f057c..61bb051 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1113,11 +1113,11 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
  struct extent_buffer *eb, int slot,
  struct btrfs_key *key)
 {
-   struct inode *dir;
-   struct inode *inode;
+   struct inode *dir = NULL;
+   struct inode *inode = NULL;
unsigned long ref_ptr;
unsigned long ref_end;
-   char *name;
+   char *name = NULL;
int namelen;
int ret;
int search_done = 0;
@@ -1150,13 +1150,15 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
 * care of the rest
 */
dir = read_one_inode(root, parent_objectid);
-   if (!dir)
-   return -ENOENT;
+   if (!dir) {
+   ret = -ENOENT;
+   goto out;
+   }
 
inode = read_one_inode(root, inode_objectid);
if (!inode) {
-   iput(dir);
-   return -EIO;
+   ret = -EIO;
+   goto out;
}
 
while (ref_ptr  ref_end) {
@@ -1169,14 +1171,16 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
 */
if (!dir)
dir = read_one_inode(root, parent_objectid);
-   if (!dir)
-   return -ENOENT;
+   if (!dir) {
+   ret = -ENOENT;
+   goto out;
+   }
} else {
ret = ref_get_fields(eb, ref_ptr, namelen, name,
 ref_index);
}
if (ret)
-   return ret;
+   goto out;
 
/* if we already have a perfect match, we're done */
if (!inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode),
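Review bot: In the first branch the `dir` lookup and its `-ENOENT` exit run before `if (ret) goto out;`, so a failure reported by the call just above this hunk (presumably extref_get_fields(), going by the v4 posting on this page) is overwritten with -ENOENT. `read_one_inode()` may then also run on a `parent_objectid` that the failed call did not fill in; this is inferred, since the call itself is outside the hunk. Checking the result first, with `if (ret) goto out;` directly after that call and before `if (!dir)`, keeps the original error code. add_inode_ref() begins and ends outside this hunk.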
@@ -1196,12 +1200,11 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
  parent_objectid,
  ref_index, name, namelen,
  search_done);
-   if (ret == 1) {
-   ret = 0;
+   if (ret) {
+   if (ret == 1)
+   ret = 0;
goto out;
}
-   if (ret)
-   goto out;
}
 
/* insert our name */
@@ -1215,6 +1218,7 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
 
ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + namelen;
kfree(name);
+   name = NULL;
if (log_ref_ver) {
iput(dir);
dir = NULL;
@@ -1225,6 +1229,7 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
ret = overwrite_item(trans, root, path, eb, slot, key);
 out:
btrfs_release_path(path);
+   kfree(name);
iput(dir);
iput(inode);
return ret;
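Review bot: The `kfree(name)` added under `out:` is only safe because `name` now starts as NULL and is reset with `name = NULL;` after the in-loop `kfree(name)`, and nothing at the label says so. A one-line comment there would protect that invariant from later edits, for example `/* name is NULL or still owned here; the loop clears it after each kfree() */`. The function body starts above this hunk and its closing brace is below it.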
-- 
1.8.4



[PATCH] btrfs: Fix memory leakage in the tree-log.c

2013-10-09 Thread Geyslan G. Bem
In some cases, add_inode_ref() is returning without freeing
the 'name' pointer.

Added bail out to explicitly call kfree when necessary.

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/tree-log.c | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 79f057c..37d32c3 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1170,13 +1170,18 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
if (!dir)
dir = read_one_inode(root, parent_objectid);
if (!dir)
-   return -ENOENT;
+   {
+   ret = -ENOENT;
+   goto bail;
+   }
} else {
ret = ref_get_fields(eb, ref_ptr, namelen, name,
 ref_index);
}
if (ret)
-   return ret;
+   {
+   goto bail;
+   }
 
/* if we already have a perfect match, we're done */
if (!inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode),
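Review bot: Both `goto bail;` exits land after `btrfs_release_path(path)`, `iput(dir)` and `iput(inode)` in the last hunk, so these error paths free `name` but still skip the inode and path cleanup. The `inode` reference appears to be taken before the loop (the v6 posting shows `inode = read_one_inode(...)` ahead of it), so it would stay held. Jumping to the existing `out:` label and putting the `kfree(name)` there would release everything in one place. The opening brace on its own line after `if (!dir)` and the braces around the single `goto bail;` also depart from kernel coding style. The v2 and v3 postings below carry the same `bail` jumps.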
@@ -1214,7 +1219,6 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
}
 
ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + namelen;
-   kfree(name);
if (log_ref_ver) {
iput(dir);
dir = NULL;
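Review bot: Dropping the in-loop `kfree(name)` means every pass of the loop after the first overwrites `name` without freeing the previous buffer, assuming the field helpers allocate a fresh buffer per reference as the commit message implies. Only the last buffer then reaches the `kfree()` at `bail:`. Keep the free here and clear the pointer so the exit path cannot free it again: `kfree(name);` followed by `name = NULL;`. The v2 posting below removes the same line.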
@@ -1227,6 +1231,9 @@ out:
btrfs_release_path(path);
iput(dir);
iput(inode);
+bail:
+   if (name)
+   kfree(name);
return ret;
 }
 
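Review bot: `name` has no initialiser in this base revision (the v6 posting changes `char *name;` to `char *name = NULL;`), so `kfree(name)` at `bail:` can be handed an indeterminate pointer on any path that gets here before a helper has stored to `name`. One such path, inferred from the `while` loop shown in the v6 posting, is a loop that never runs and falls through `out:` into `bail:`. Initialise it at the declaration with `char *name = NULL;`, which also makes the `if (name)` test unnecessary because kfree() accepts NULL. The declaration is outside this hunk, and the v2 and v3 postings below add the same label.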
-- 
1.8.4



[PATCH v2] btrfs: Fix memory leakage in the tree-log.c

2013-10-09 Thread Geyslan G. Bem
In some cases, add_inode_ref() is returning without freeing
the 'name' pointer.

Added bail out to explicitly call kfree when necessary.

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/tree-log.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 79f057c..727d4ff 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1170,13 +1170,16 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
if (!dir)
dir = read_one_inode(root, parent_objectid);
if (!dir)
-   return -ENOENT;
+   {
+   ret = -ENOENT;
+   goto bail;
+   }
} else {
ret = ref_get_fields(eb, ref_ptr, namelen, name,
 ref_index);
}
if (ret)
-   return ret;
+   goto bail;
 
/* if we already have a perfect match, we're done */
if (!inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode),
@@ -1214,7 +1217,6 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
}
 
ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + namelen;
-   kfree(name);
if (log_ref_ver) {
iput(dir);
dir = NULL;
@@ -1227,6 +1229,9 @@ out:
btrfs_release_path(path);
iput(dir);
iput(inode);
+bail:
+   if (name)
+   kfree(name);
return ret;
 }
 
-- 
1.8.4



[PATCH v3] btrfs: Fix memory leakage in the tree-log.c

2013-10-09 Thread Geyslan G. Bem
In some cases, add_inode_ref() is returning without freeing
the 'name' pointer.

Added bail out to explicitly call kfree when necessary.

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/tree-log.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 79f057c..ad7cc5f 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1170,13 +1170,16 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
if (!dir)
dir = read_one_inode(root, parent_objectid);
if (!dir)
-   return -ENOENT;
+   {
+   ret = -ENOENT;
+   goto bail;
+   }
} else {
ret = ref_get_fields(eb, ref_ptr, namelen, name,
 ref_index);
}
if (ret)
-   return ret;
+   goto bail;
 
/* if we already have a perfect match, we're done */
if (!inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode),
@@ -1227,6 +1230,9 @@ out:
btrfs_release_path(path);
iput(dir);
iput(inode);
+bail:
+   if (name)
+   kfree(name);
return ret;
 }
 
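Review bot: This version keeps the in-loop `kfree(name)` (v1 and v2 removed it) but never clears the pointer, so after a completed loop the fall-through from `out:` into `bail:` frees the same buffer a second time. Add `name = NULL;` after the in-loop `kfree(name);`, and initialise `name` to NULL at its declaration so the label is safe on every path. The loop body and the declaration are outside this hunk.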
-- 
1.8.4



[PATCH v4] btrfs: Fix memory leakage in the tree-log.c

2013-10-09 Thread Geyslan G. Bem
When 'dir' is NULL, after calling extref_get_fields(), add_inode_ref()
can be returning without freeing the 'name' pointer.

Added kfree when necessary.

Signed-off-by: Geyslan G. Bem geys...@gmail.com
---
 fs/btrfs/tree-log.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 79f057c..63c0b72 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1169,8 +1169,11 @@ static noinline int add_inode_ref(struct 
btrfs_trans_handle *trans,
 */
if (!dir)
dir = read_one_inode(root, parent_objectid);
-   if (!dir)
+   if (!dir) {
+   if (!ret)
+   kfree(name);
return -ENOENT;
+   }
} else {
ret = ref_get_fields(eb, ref_ptr, namelen, name,
 ref_index);
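Review bot: The new block frees `name` but still leaves through `return -ENOENT;`, bypassing the `out:` label, so whatever that label releases (in the other postings on this page: the path, `dir` and `inode`) stays held on this exit. The `if (!ret)` guard also ties correctness to the helper above the hunk allocating `name` only on success. With `name` initialised to NULL the branch could be just `ret = -ENOENT;` and `goto out;`, with a single `kfree(name)` at the label. The `return ret;` that follows the else branch (outside this hunk, visible in the earlier postings) skips the same cleanup.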
-- 
1.8.4
