From: Al Viro <viro@zeniv.linux.org.uk>
To: Christian Brauner <christian@brauner.io>
Cc: gregkh@linuxfoundation.org, devel@driverdev.osuosl.org,
linux-fsdevel@vger.kernel.org, tkjos@google.com
Subject: Re: [PATCH 3/5] binderfs: rework binderfs_fill_super()
Date: Fri, 18 Jan 2019 23:03:54 +0000
Message-ID: <20190118230354.GA2217@ZenIV.linux.org.uk>
In-Reply-To: <20190118145344.11532-4-christian@brauner.io>

On Fri, Jan 18, 2019 at 03:53:42PM +0100, Christian Brauner wrote:
> static int binderfs_fill_super(struct super_block *sb, void *data, int silent)
> {
> + int ret;
> struct binderfs_info *info;
> - int ret = -ENOMEM;
> struct inode *inode = NULL;
> struct ipc_namespace *ipc_ns = current->nsproxy->ipc_ns;
>
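Review bot: in the declarations, "ret" loses its -ENOMEM default ("+ int ret;"), so any exit path further down the function that still jumps to an error label without assigning "ret" first would return an uninitialized value. The lines shown here either return a constant or return "ret" right after assigning it; it is worth confirming the same for every remaining error path, or keeping an initializer.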
> @@ -495,13 +495,14 @@ static int binderfs_fill_super(struct super_block *sb, void *data, int silent)
> sb->s_op = &binderfs_super_ops;
> sb->s_time_gran = 1;
>
> - info = kzalloc(sizeof(struct binderfs_info), GFP_KERNEL);
> - if (!info)
> - goto err_without_dentry;
> + sb->s_fs_info = kzalloc(sizeof(struct binderfs_info), GFP_KERNEL);
> + if (!sb->s_fs_info)
> + return -ENOMEM;
> + info = sb->s_fs_info;
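Review bot: on the kzalloc() lines, the allocation is stored through the untyped ->s_fs_info field and then read back with "info = sb->s_fs_info;". Allocating into the typed local first with sizeof(*info) and then assigning "sb->s_fs_info = info" follows the usual kernel idiom and keeps the allocation size tied to the variable's type.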
... and that's when you should grab ipcns reference and stick it into
info->ipc_ns, to match the logics in binderfs_kill_super().
Otherwise the failure above
> ret = binderfs_parse_mount_opts(data, &info->mount_opts);
> if (ret)
> - goto err_without_dentry;
> + return ret;
... or here leaves you with an ipcns leak.

Destructor does
	if ->s_fs_info is non-NULL
		release ->s_fs_info->ipc_ns
		free ->s_fs_info
so constructor should not leave object in a state when ipcns is already
grabbed, but not stored in ->s_fs_info->ipc_ns (including the case of
allocation failure leaving it with NULL ->s_fs_info).
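The constructor/destructor invariant described in the message above, as an added userspace model (not kernel code and not part of the original mail). All type and function names here are hypothetical stand-ins, and the model assumes the destructor runs after a failed fill_super.

```c
/* Userspace model (constructed): refcount ownership across fill_super/kill_super. */
#include <stdlib.h>
struct ns { int refs; };                 /* stands in for struct ipc_namespace */
struct info { struct ns *ipc_ns; };      /* stands in for struct binderfs_info */
struct sb { struct info *s_fs_info; };   /* stands in for struct super_block */

static struct ns *get_ns(struct ns *n) { n->refs++; return n; }
static void put_ns(struct ns *n) { if (n) n->refs--; }

/* Destructor as described in the mail: it only sees what ->s_fs_info holds. */
static void model_kill_super(struct sb *sb)
{
	if (sb->s_fs_info) {
		put_ns(sb->s_fs_info->ipc_ns);
		free(sb->s_fs_info);
		sb->s_fs_info = NULL;
	}
}

/* Leaky ordering: reference grabbed, but a failure returns before it is stored. */
static int fill_super_leaky(struct sb *sb, struct ns *cur, int opts_fail)
{
	struct ns *ref = get_ns(cur);    /* grabbed, not yet reachable from sb */
	sb->s_fs_info = calloc(1, sizeof(*sb->s_fs_info));
	if (!sb->s_fs_info)
		return -1;               /* destructor cannot see 'ref' */
	if (opts_fail)
		return -1;               /* same here: 'ref' is lost */
	sb->s_fs_info->ipc_ns = ref;
	return 0;
}

/* Ordering asked for in the review: store the reference as soon as info exists. */
static int fill_super_fixed(struct sb *sb, struct ns *cur, int opts_fail)
{
	sb->s_fs_info = calloc(1, sizeof(*sb->s_fs_info));
	if (!sb->s_fs_info)
		return -1;               /* nothing grabbed yet, nothing to leak */
	sb->s_fs_info->ipc_ns = get_ns(cur);
	return opts_fail ? -1 : 0;       /* destructor will drop the reference */
}

/* Fail the option-parsing step, run the destructor, report the remaining refcount. */
static int refs_after_failed_mount(int (*fill)(struct sb *, struct ns *, int))
{
	struct ns cur = { .refs = 1 };   /* one reference held by the "caller" */
	struct sb sb = { 0 };
	fill(&sb, &cur, 1);
	model_kill_super(&sb);
	return cur.refs;
}
```

A result above 1 from refs_after_failed_mount() means a reference survived the failed mount.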