From: Greg KH
Subject: Re: [stable] [patch for 2.6.29? 1/3] pipe_rdwr_fasync: fix the error handling to prevent the leak/crash
Date: Thu, 12 Mar 2009 22:02:56 -0700
Message-ID: <20090313050256.GG6321@kroah.com>
References: <200903042012.n24KCUlA030022@imap1.linux-foundation.org> <20090304205128.GA19304@redhat.com>
In-Reply-To: <20090304205128.GA19304@redhat.com>
To: Oleg Nesterov
Cc: akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, stable@kernel.org, andi@firstfloor.org, viro@zeniv.linux.org.uk, corbet@lwn.net

On Wed, Mar 04, 2009 at 09:51:28PM +0100, Oleg Nesterov wrote:
> On 03/04, Andrew Morton wrote:
> >
> > From: Oleg Nesterov
> >
> > If the second fasync_helper() fails, pipe_rdwr_fasync() returns the error
> > but leaves the file on ->fasync_readers.
> >
> > This was always wrong, but since 233e70f4228e78eb2f80dc6650f65d3ae3dbf17c
> > "saner FASYNC handling on file close" we have the new problem. Because in
> > this case setfl() doesn't set FASYNC bit, __fput() will not do
> > ->fasync(0), and we leak fasync_struct with ->fa_file pointing to the
> > freed file.
> >
> > Signed-off-by: Oleg Nesterov
> > Cc: Al Viro
> > Cc: Andi Kleen
> > Cc: Jonathan Corbet
> > Cc: [2.6.28.x]
> > Signed-off-by: Andrew Morton
>
> Just in case...
>
> This bug is minor. fasync_helper() can only fail if
> kmem_cache_alloc(fasync_cache, GFP_KERNEL) fails, this should "never" happen.
>
> Perhaps -stable doesn't need this fix.

Can't hurt, right?

thanks,

greg k-h
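The error path described in the quoted changelog, as an added userspace model that is not part of this thread, the patch, or the kernel: two lists stand in for ->fasync_readers and ->fasync_writers, a small `helper_model()` plays the role of fasync_helper(), and a fault-injection allocator (`entry_alloc()`, `fail_at`, both assumptions made for this example) makes the second registration fail the way a failed kmem_cache_alloc() would. `rdwr_fasync_buggy()` keeps the shape of the bug (the error is returned but the file stays on the readers list), while `rdwr_fasync_fixed()` undoes the first registration when the second one fails, which is the behaviour the patch title describes. The function and struct names are the example's own, not kernel identifiers.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the pipe_rdwr_fasync() error path; not kernel code.
 * The list type, allocator and fault injection are assumptions for this
 * example only. */
struct file_model {
    int id;
};

/* Stand-in for struct fasync_struct: one entry per registered file. */
struct fasync_entry {
    struct file_model *fa_file;
    struct fasync_entry *next;
};

/* Hypothetical fault injection in place of kmem_cache_alloc() failing:
 * the fail_at-th allocation returns NULL (0 = never fail). */
static int alloc_calls;
static int fail_at;

static struct fasync_entry *entry_alloc(void)
{
    alloc_calls++;
    if (fail_at && alloc_calls == fail_at)
        return NULL;
    return calloc(1, sizeof(struct fasync_entry));
}

/* Model of fasync_helper(): on != 0 adds f to *list (1 = added, 0 = already
 * present); on == 0 removes it (0). Returns -1 when allocation fails. */
static int helper_model(int on, struct file_model *f, struct fasync_entry **list)
{
    struct fasync_entry **pp, *e;

    for (pp = list; (e = *pp) != NULL; pp = &e->next) {
        if (e->fa_file != f)
            continue;
        if (on)
            return 0;
        *pp = e->next;          /* unlink and free the existing entry */
        free(e);
        return 0;
    }
    if (!on)
        return 0;
    e = entry_alloc();
    if (!e)
        return -1;
    e->fa_file = f;
    e->next = *list;
    *list = e;
    return 1;
}

/* Shape of the bug: the second failure is reported, but f stays on readers. */
static int rdwr_fasync_buggy(int on, struct file_model *f,
                             struct fasync_entry **readers,
                             struct fasync_entry **writers)
{
    int retval = helper_model(on, f, readers);
    if (retval >= 0)
        retval = helper_model(on, f, writers);
    return retval;
}

/* Shape of the fix: roll back the readers registration if writers fails. */
static int rdwr_fasync_fixed(int on, struct file_model *f,
                             struct fasync_entry **readers,
                             struct fasync_entry **writers)
{
    int retval = helper_model(on, f, readers);
    if (retval >= 0) {
        retval = helper_model(on, f, writers);
        if (retval < 0)
            helper_model(0, f, readers);
    }
    return retval;
}

static int on_list(struct file_model *f, struct fasync_entry *list)
{
    for (; list; list = list->next)
        if (list->fa_file == f)
            return 1;
    return 0;
}

static void free_list(struct fasync_entry **list)
{
    while (*list) {
        struct fasync_entry *e = *list;
        *list = e->next;
        free(e);
    }
}

/* Register f with the second allocation forced to fail. Returns 1 if f is
 * still on the readers list afterwards (the stale entry that would outlive
 * the file), 0 if not. *ret receives the routine's return value. */
int stale_entry_after_failure(int use_fixed, int *ret)
{
    struct file_model f = { 1 };
    struct fasync_entry *readers = NULL, *writers = NULL;
    int stale;

    alloc_calls = 0;
    fail_at = 2;
    *ret = use_fixed ? rdwr_fasync_fixed(1, &f, &readers, &writers)
                     : rdwr_fasync_buggy(1, &f, &readers, &writers);
    stale = on_list(&f, readers);
    free_list(&readers);
    free_list(&writers);
    fail_at = 0;
    return stale;
}

int main(void)
{
    int ret;
    int stale = stale_entry_after_failure(0, &ret);
    printf("buggy: ret=%d stale_reader_entry=%d\n", ret, stale);
    stale = stale_entry_after_failure(1, &ret);
    printf("fixed: ret=%d stale_reader_entry=%d\n", ret, stale);
    return 0;
}
```

Both variants return the error from the failed second registration; the difference is only in what they leave behind. In the buggy shape the readers entry survives even though the caller never learns that any registration succeeded, which is exactly the state the changelog describes: nothing later clears it, so it outlives the file it points at.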