linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] btrfs: prevent memory leak
@ 2019-09-23 22:34 Navid Emamdoost
  2019-09-24  7:06 ` Nikolay Borisov
  0 siblings, 1 reply; 2+ messages in thread
From: Navid Emamdoost @ 2019-09-23 22:34 UTC (permalink / raw)
  Cc: emamd001, smccaman, kjlu, Navid Emamdoost, Chris Mason,
	Josef Bacik, David Sterba, linux-btrfs, linux-kernel

In btrfsic_mount if btrfsic_dev_state_alloc fails the allocated state
will be leaked. It needs to be released on error handling path.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
---
 fs/btrfs/check-integrity.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c
index 0b52ab4cb964..8a77b0cb2db3 100644
--- a/fs/btrfs/check-integrity.c
+++ b/fs/btrfs/check-integrity.c
@@ -2941,6 +2941,7 @@ int btrfsic_mount(struct btrfs_fs_info *fs_info,
 		if (NULL == ds) {
 			pr_info("btrfs check-integrity: kmalloc() failed!\n");
 			mutex_unlock(&btrfsic_mutex);
+			kvfree(state);
 			return -ENOMEM;
 		}
 		ds->bdev = device->bdev;
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] btrfs: prevent memory leak
  2019-09-23 22:34 [PATCH] btrfs: prevent memory leak Navid Emamdoost
@ 2019-09-24  7:06 ` Nikolay Borisov
  0 siblings, 0 replies; 2+ messages in thread
From: Nikolay Borisov @ 2019-09-24  7:06 UTC (permalink / raw)
  To: Navid Emamdoost
  Cc: Chris Mason, David Sterba, Josef Bacik, emamd001, kjlu, smccaman,
	linux-btrfs, linux-kernel



On 24.09.19 г. 1:34 ч., Navid Emamdoost wrote:
> In btrfsic_mount if btrfsic_dev_state_alloc fails the allocated state
> will be leaked. It needs to be released on error handling path.
> 
> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>

NAK.

The allocated state could have been added to a btrfsic_dev_state which
in turn is linked by btrfsic_dev_state_hashtable_add. So when later
ds->state is dereferenced it will case a UAF and likely result in crash.

Looking at the integrity code I also don't like how it's structured e.g.
if a memory error occurs then only some devices will be added to the
btrfsic_dev_State_hashtable and the super block is not going to be
validated at all.

> ---
>  fs/btrfs/check-integrity.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c
> index 0b52ab4cb964..8a77b0cb2db3 100644
> --- a/fs/btrfs/check-integrity.c
> +++ b/fs/btrfs/check-integrity.c
> @@ -2941,6 +2941,7 @@ int btrfsic_mount(struct btrfs_fs_info *fs_info,
>  		if (NULL == ds) {
>  			pr_info("btrfs check-integrity: kmalloc() failed!\n");
>  			mutex_unlock(&btrfsic_mutex);
> +			kvfree(state);
>  			return -ENOMEM;
>  		}
>  		ds->bdev = device->bdev;
> 

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-24  7:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-23 22:34 [PATCH] btrfs: prevent memory leak Navid Emamdoost
2019-09-24  7:06 ` Nikolay Borisov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).