ng said, I don't think the check is
even needed as it's going to be re-checked in the cleanup_glue_dir.
The issue is, if we fail the 'live_in_glue_dir' check on the dev->kobj, we'll
return NULL and subsequently fail to kobject_put the dev->kobj.parent in the
cleanup_glue_dir function, leaking a reference.
> [snip]
Regards,
Jason Hrycay
jason.hry...@motorola.com
Add check for error pointers returned from get_node_page in order to
avoid dereferencing a bad address on the next use.
Signed-off-by: Jason Hrycay
---
fs/f2fs/xattr.c | 4
1 file changed, 4 insertions(+)
diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c
index 0b02dce..ae61f35 100644
{
> kfree(gc_th);
gc_th is free'd here, save off PTR_ERR result to avoid use-after-free?
> sbi->gc_thread = NULL;
> - return -ENOMEM;
> + return PTR_ERR(gc_th->f2fs_gc_task);
> }
> return 0;
> }
>
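Review bot: the `+ return PTR_ERR(gc_th->f2fs_gc_task);` line reads `gc_th` after the `kfree(gc_th);` two lines above it, so replacing the hard-coded `-ENOMEM` with the real error code introduces a use-after-free in the same hunk. Capture the code into a local before the free (`int err = PTR_ERR(gc_th->f2fs_gc_task);` ahead of `kfree(gc_th);`) and `return err;` in place of the new line.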
--
Ja
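The two mistakes discussed in this thread, a returned pointer used without an IS_ERR() test (the get_node_page patch above) and PTR_ERR() read out of an object after kfree() (the gc thread hunk), come from the same kernel convention of encoding an errno in the pointer value. The following is an added userspace model of that convention, not code from the f2fs patches or from the kernel; the helpers `fake_kthread_run`, `fake_get_node_page`, `start_gc_thread`, `read_node_data` and the `gc_task` field are hypothetical stand-ins for the kernel functions and fields named in the thread.

```c
/* Added example, not code from the f2fs patches or the kernel. Models the
 * Linux ERR_PTR/IS_ERR/PTR_ERR convention and the corrected ordering from
 * the review: check IS_ERR() before dereferencing, and read PTR_ERR() out
 * of an object before freeing it. All names below are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Kernel convention: the top MAX_ERRNO addresses encode -errno values. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline bool IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct task { int id; };
struct gc_thread { struct task *gc_task; };

/* Simulated kthread_run(): returns ERR_PTR(-ENOMEM) when told to fail. */
static struct task *fake_kthread_run(bool fail)
{
    if (fail)
        return ERR_PTR(-ENOMEM);
    struct task *t = malloc(sizeof *t);
    if (!t)
        return ERR_PTR(-ENOMEM);
    t->id = 1;
    return t;
}

/* Corrected pattern for the gc thread hunk: save the error code, then
 * free, then return the saved value. Returns 0 and sets *out on success. */
static int start_gc_thread(struct gc_thread **out, bool fail)
{
    struct gc_thread *gc_th = malloc(sizeof *gc_th);
    int err;

    *out = NULL;
    if (!gc_th)
        return -ENOMEM;
    gc_th->gc_task = fake_kthread_run(fail);
    if (IS_ERR(gc_th->gc_task)) {
        err = (int)PTR_ERR(gc_th->gc_task); /* read it while gc_th is live */
        free(gc_th);                          /* then release the object */
        return err;                           /* never PTR_ERR(gc_th->...) here */
    }
    *out = gc_th;
    return 0;
}

static void stop_gc_thread(struct gc_thread *gc_th)
{
    if (!gc_th)
        return;
    free(gc_th->gc_task);
    free(gc_th);
}

struct node_page { int nid; int data; };

/* Simulated get_node_page(): error pointer for an unknown node id. */
static struct node_page *fake_get_node_page(int nid, struct node_page *pages, int n)
{
    if (nid < 0 || nid >= n)
        return ERR_PTR(-ENOENT);
    return &pages[nid];
}

/* The check the xattr patch adds: test IS_ERR() before the first use of
 * the page, propagating the errno instead of dereferencing a bad address. */
static int read_node_data(int nid, struct node_page *pages, int n, int *out)
{
    struct node_page *page = fake_get_node_page(nid, pages, n);

    if (IS_ERR(page))
        return (int)PTR_ERR(page);
    *out = page->data;
    return 0;
}
```

Note that IS_ERR() does not treat NULL as an error; a callee that can return either NULL or an error pointer needs IS_ERR_OR_NULL(), so check which contract the function you call actually has.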
From: Jason Hrycay
Move the f2fs_balance_fs out of the truncate_hole function and only
perform that in punch_hole use case. The commit:
ed60b1644e7f7e5dd67d21caf7e4425dff05dad0
intended to do this but moved it into truncate_hole to cover more
cases. However, a deadlock scenario is possible