linux-kernel.vger.kernel.org archive mirror
* [PATCH] ovl: Fix potential memory leak
@ 2022-08-22 11:52 Stanislav Goriainov
  2022-08-22 13:57 ` David Disseldorp
  2022-08-22 15:24 ` Miklos Szeredi
From: Stanislav Goriainov @ 2022-08-22 11:52 UTC
  To: Miklos Szeredi
  Cc: Stanislav Goriainov, linux-unionfs, linux-kernel, ldv-project

ovl: Fix potential memory leak in ovl_lookup()

If memory for upperredirect was allocated with kstrdup()
in upperdir != NULL and d.redirect != NULL path,
it may be lost when upperredirect is reassigned later.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Stanislav Goriainov <goriainov@ispras.ru>
---
 fs/overlayfs/namei.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index 69dc577974f8..226c69812379 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -1085,6 +1085,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
 			.mnt = ovl_upper_mnt(ofs),
 		};
 
+		kfree(upperredirect);
 		upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
 		if (IS_ERR(upperredirect)) {
 			err = PTR_ERR(upperredirect);
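
Review bot: the kfree(upperredirect) added ahead of the ovl_get_redirect_xattr() call only matters if the earlier kstrdup() assignment and this reassignment can both run in one ovl_lookup() call, and neither the hunk nor the changelog shows that. The context begins inside the block at `.mnt = ovl_upper_mnt(ofs),`, so the condition guarding this block is not visible, and the changelog says only that the memory "may be lost". Suggest naming the guard of this block in the commit message and spelling out the sequence that reaches both assignments. If the two paths turn out to be mutually exclusive, the added line is harmless because kfree(NULL) is a no-op, but the subject should then not describe it as a leak fix.
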
-- 
2.34.1



* Re: [PATCH] ovl: Fix potential memory leak
  2022-08-22 11:52 [PATCH] ovl: Fix potential memory leak Stanislav Goriainov
@ 2022-08-22 13:57 ` David Disseldorp
  2022-08-22 15:24 ` Miklos Szeredi
From: David Disseldorp @ 2022-08-22 13:57 UTC
  To: Stanislav Goriainov
  Cc: Miklos Szeredi, linux-unionfs, linux-kernel, ldv-project

On Mon, 22 Aug 2022 14:52:57 +0300, Stanislav Goriainov wrote:

> ovl: Fix potential memory leak in ovl_lookup()
> 
> If memory for upperredirect was allocated with kstrdup()
> in upperdir != NULL and d.redirect != NULL path,
> it may be lost when upperredirect is reassigned later.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Stanislav Goriainov <goriainov@ispras.ru>
> ---
>  fs/overlayfs/namei.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
> index 69dc577974f8..226c69812379 100644
> --- a/fs/overlayfs/namei.c
> +++ b/fs/overlayfs/namei.c
> @@ -1085,6 +1085,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
>  			.mnt = ovl_upper_mnt(ofs),
>  		};
>  
> +		kfree(upperredirect);
>  		upperredirect = ovl_get_redirect_xattr(ofs, &upperpath, 0);
>  		if (IS_ERR(upperredirect)) {
>  			err = PTR_ERR(upperredirect);
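
Review bot: in the IS_ERR(upperredirect) branch that follows the new kfree(), upperredirect holds an error pointer, and the quoted context stops at `err = PTR_ERR(upperredirect);` without showing whether the variable is reset before the function's cleanup runs. Since the change is about when this pointer gets freed, please confirm that every exit frees it only when it is NULL or a valid allocation, for example by setting it to NULL before leaving this branch, and say so in the changelog.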

This probably deserves a:
Fixes: 0a2d0d3f2f291 ("ovl: Check redirect on index as well")

Looks fine otherwise.
Reviewed-by: David Disseldorp <ddiss@suse.de>


* Re: [PATCH] ovl: Fix potential memory leak
  2022-08-22 11:52 [PATCH] ovl: Fix potential memory leak Stanislav Goriainov
  2022-08-22 13:57 ` David Disseldorp
@ 2022-08-22 15:24 ` Miklos Szeredi
From: Miklos Szeredi @ 2022-08-22 15:24 UTC
  To: Stanislav Goriainov; +Cc: linux-unionfs, linux-kernel, ldv-project

On Mon, 22 Aug 2022 at 13:53, Stanislav Goriainov <goriainov@ispras.ru> wrote:
>
> ovl: Fix potential memory leak in ovl_lookup()
>
> If memory for upperredirect was allocated with kstrdup()
> in upperdir != NULL and d.redirect != NULL path,
> it may be lost when upperredirect is reassigned later.

Can't happen because the first assignment of upperredirect will only
happen if upperdentry is non-NULL, while the second one will only happen
if upperdentry is NULL.  I understand why the static checker fails to see
this: it doesn't know that dentry->d_name will never contain '/'.  In
this case the looped call to ovl_lookup_single() can be ignored and it
is trivial to prove that d.redirect can only be set if *ret is
non-NULL.

Thanks,
Miklos
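
The argument in this reply, as an added user-space model that is not part of the thread and is not kernel code: it counts how often the free before the second assignment releases a live pointer, once with both guards tied to a single "upper entry found" fact and once with the guards treated as unrelated, which is the view of a checker that lacks the invariant. The guard names, the allocation size and the omission of the ovl_lookup_single() loop (which the reply says can be ignored) are assumptions of the model.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Model of the two assignments to upperredirect, with their guards passed
 * in. Returns 1 when the free before the second assignment released a live
 * pointer, i.e. when code without that free would have leaked it.
 */
static int second_assignment_leaks(int take_first, int take_second)
{
	char *upperredirect = NULL;
	int needed = 0;

	if (take_first)
		upperredirect = malloc(16);	/* stands in for kstrdup() */
	if (take_second) {
		needed = upperredirect != NULL;
		free(upperredirect);		/* models the kfree() in the patch */
		upperredirect = malloc(16);	/* stands in for the xattr read */
	}
	free(upperredirect);
	return needed;
}

/* Guards tied to one "upper entry found" fact, as the reply describes. */
int leaks_with_invariant(void)
{
	int n = 0;

	for (int upper = 0; upper <= 1; upper++)
		for (int redirect = 0; redirect <= 1; redirect++)
			n += second_assignment_leaks(upper && redirect, !upper);
	return n;
}

/* Guards treated as unrelated booleans: one combination reaches both. */
int leaks_without_invariant(void)
{
	int n = 0;

	for (int first = 0; first <= 1; first++)
		for (int second = 0; second <= 1; second++)
			n += second_assignment_leaks(first, second);
	return n;
}

int main(void)
{
	printf("with invariant: %d, without: %d\n",
	       leaks_with_invariant(), leaks_without_invariant());
	return 0;
}
```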
