From: David Fries <David@Fries.net>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 1/3] w1: fix netlink refcnt leak on error path
Date: Tue, 8 Apr 2014 23:31:29 -0500 [thread overview]
Message-ID: <20140409043129.GD5096@spacedout.fries.net> (raw)
In-Reply-To: <1397014629-27478-2-git-send-email-David@Fries.net>
This patch is a bug fix, and I see from the mailing list I'm not the
only one to run into this bug, so it would be nice for this patch to
make it into this merge window. I didn't tag this one for stable
because it doesn't apply cleanly due to previous changes that did make
it into the merge window. Let me know if I should rewrite it for
stable and which kernel version.
The other two patches are more feature based changes.
On Tue, Apr 08, 2014 at 10:37:07PM -0500, David Fries wrote:
> If the message type is W1_MASTER_CMD or W1_SLAVE_CMD, then a reference
> is taken when searching for the slave or master device. If there
> isn't any following data m->len (mlen is a copy) is 0 and packing up
> the message for later execution is skipped leaving nothing to
> decrement the reference counts.
>
> Way back when, m->len was checked before the search that increments the
> reference count, but W1_LIST_MASTERS has no additional data, the check
> was moved in 9be62e0b2fadaf5ff causing this bug.
>
> This change reorders to put the check before the reference count is
> incremented avoiding the problem.
>
> Signed-off-by: David Fries <David@Fries.net>
> Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
--
David Fries <david@fries.net> PGP pub CB1EE8F0
http://fries.net/~david/
next prev parent reply other threads:[~2014-04-09 4:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-09 3:37 [PATCH 0/3] w1: fixes and bundling replies David Fries
2014-04-09 3:37 ` [PATCH 1/3] w1: fix netlink refcnt leak on error path David Fries
2014-04-09 4:31 ` David Fries [this message]
2014-04-09 3:37 ` [PATCH 2/3] connector: allow multiple messages to be sent in one packet David Fries
2014-04-09 3:37 ` [PATCH 3/3] w1: optional bundling of netlink kernel replies David Fries
-- strict thread matches above, loose matches on Subject: below --
2014-03-23 1:27 [RFC] w1: fixes and bundling replies David Fries
2014-03-23 1:27 ` [PATCH 1/3] w1: fix netlink refcnt leak on error path David Fries
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140409043129.GD5096@spacedout.fries.net \
--to=david@fries.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.