[PATCH] ocfs2: Fix panic on kfree(xattr->name)

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] ocfs2: Fix panic on kfree(xattr->name)
       [not found] <5328D286.2010209@oracle.com>
@ 2014-03-19 12:55 ` Tetsuo Handa
  2014-03-19 19:28   ` Tariq Saeed
  0 siblings, 1 reply; 7+ messages in thread
From: Tetsuo Handa @ 2014-03-19 12:55 UTC (permalink / raw)
  To: tariq.x.saeed, mfasheh, jlbec; +Cc: linux-fsdevel, linux-security-module

Tariq Saeed wrote:
> This commit did not take into account the callers of this function who 
> assume they need to kfree() the name. It causes panic in ocfs2 on create 
> file. I am puzzled how did this commit got into the tree without changing
> the callsites to NOT call kfree anymore. Am I missing something?

You are right. It is my mistake. I didn't realize that ocfs2 is calling kfree()
on the name field. Would you please test below patch?

Regards.
----------
>From 3940749700148f58265407987f813b773515661a Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed, 19 Mar 2014 21:49:21 +0900
Subject: [PATCH] ocfs2: Fix panic on kfree(xattr->name)

Commit 9548906b 'xattr: Constify ->name member of "struct xattr".' missed that
ocfs2 is calling kfree(xattr->name). As a result, kernel panic occurs upon
calling kfree(xattr->name) because xattr->name refers static constant names.
This patch removes kfree(xattr->name) from ocfs2_mknod() and ocfs2_symlink().

Reported-by: Tariq Saeed <tariq.x.saeed@oracle.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: <stable@vger.kernel.org> [3.12+]
---
 fs/ocfs2/namei.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index 3683643..feed025 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -450,7 +450,6 @@ leave:
 
 	brelse(new_fe_bh);
 	brelse(parent_fe_bh);
-	kfree(si.name);
 	kfree(si.value);
 
 	ocfs2_free_dir_lookup_result(&lookup);
@@ -1855,7 +1854,6 @@ bail:
 
 	brelse(new_fe_bh);
 	brelse(parent_fe_bh);
-	kfree(si.name);
 	kfree(si.value);
 	ocfs2_free_dir_lookup_result(&lookup);
 	if (inode_ac)
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
  2014-03-19 12:55 ` [PATCH] ocfs2: Fix panic on kfree(xattr->name) Tetsuo Handa
@ 2014-03-19 19:28   ` Tariq Saeed
  2014-03-19 22:02       ` Tetsuo Handa
  2014-03-27 22:13     ` Tariq Saeed
  0 siblings, 2 replies; 7+ messages in thread
From: Tariq Saeed @ 2014-03-19 19:28 UTC (permalink / raw)
  To: Tetsuo Handa, mfasheh, jlbec; +Cc: linux-fsdevel, linux-security-module

The patch works. What is the plan for submitting to mainline?
Thanks,
-Tariq

On 03/19/2014 05:55 AM, Tetsuo Handa wrote:
> Tariq Saeed wrote:
>> This commit did not take into account the callers of this function who
>> assume they need to kfree() the name. It causes panic in ocfs2 on create
>> file. I am puzzled how did this commit got into the tree without changing
>> the callsites to NOT call kfree anymore. Am I missing something?
>
> You are right. It is my mistake. I didn't realize that ocfs2 is calling kfree()
> on the name field. Would you please test below patch?
>
> Regards.
> ----------
>>From 3940749700148f58265407987f813b773515661a Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Wed, 19 Mar 2014 21:49:21 +0900
> Subject: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
>
> Commit 9548906b 'xattr: Constify ->name member of "struct xattr".' missed that
> ocfs2 is calling kfree(xattr->name). As a result, kernel panic occurs upon
> calling kfree(xattr->name) because xattr->name refers static constant names.
> This patch removes kfree(xattr->name) from ocfs2_mknod() and ocfs2_symlink().
>
> Reported-by: Tariq Saeed <tariq.x.saeed@oracle.com>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Cc: <stable@vger.kernel.org> [3.12+]
> ---
>   fs/ocfs2/namei.c |    2 --
>   1 files changed, 0 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
> index 3683643..feed025 100644
> --- a/fs/ocfs2/namei.c
> +++ b/fs/ocfs2/namei.c
> @@ -450,7 +450,6 @@ leave:
>
>   	brelse(new_fe_bh);
>   	brelse(parent_fe_bh);
> -	kfree(si.name);
>   	kfree(si.value);
>
>   	ocfs2_free_dir_lookup_result(&lookup);
> @@ -1855,7 +1854,6 @@ bail:
>
>   	brelse(new_fe_bh);
>   	brelse(parent_fe_bh);
> -	kfree(si.name);
>   	kfree(si.value);
>   	ocfs2_free_dir_lookup_result(&lookup);
>   	if (inode_ac)
>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Ocfs2-devel] [PATCH] ocfs2: Fix panic on kfree(xattr->name)
  2014-03-19 19:28   ` Tariq Saeed
@ 2014-03-19 22:02       ` Tetsuo Handa
  2014-03-27 22:13     ` Tariq Saeed
  1 sibling, 0 replies; 7+ messages in thread
From: Tetsuo Handa @ 2014-03-19 22:02 UTC (permalink / raw)
  To: mfasheh, jlbec, ocfs2-devel
  Cc: tariq.x.saeed, linux-fsdevel, linux-security-module

Thank you for testing.

Mark and Joel, would you pick up this patch via your tree?

Tariq Saeed wrote:
> The patch works. What is the plan for submitting to mainline?
> Thanks,
> -Tariq
> 
> On 03/19/2014 05:55 AM, Tetsuo Handa wrote:
> > Tariq Saeed wrote:
> >> This commit did not take into account the callers of this function who
> >> assume they need to kfree() the name. It causes panic in ocfs2 on create
> >> file. I am puzzled how did this commit got into the tree without changing
> >> the callsites to NOT call kfree anymore. Am I missing something?
> >
> > You are right. It is my mistake. I didn't realize that ocfs2 is calling kfree()
> > on the name field. Would you please test below patch?
> >
> > Regards.
> > ----------
> >>From 3940749700148f58265407987f813b773515661a Mon Sep 17 00:00:00 2001
> > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > Date: Wed, 19 Mar 2014 21:49:21 +0900
> > Subject: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
> >
> > Commit 9548906b 'xattr: Constify ->name member of "struct xattr".' missed that
> > ocfs2 is calling kfree(xattr->name). As a result, kernel panic occurs upon
> > calling kfree(xattr->name) because xattr->name refers static constant names.
> > This patch removes kfree(xattr->name) from ocfs2_mknod() and ocfs2_symlink().
> >
> > Reported-by: Tariq Saeed <tariq.x.saeed@oracle.com>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > Cc: <stable@vger.kernel.org> [3.12+]
> > ---
> >   fs/ocfs2/namei.c |    2 --
> >   1 files changed, 0 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
> > index 3683643..feed025 100644
> > --- a/fs/ocfs2/namei.c
> > +++ b/fs/ocfs2/namei.c
> > @@ -450,7 +450,6 @@ leave:
> >
> >   	brelse(new_fe_bh);
> >   	brelse(parent_fe_bh);
> > -	kfree(si.name);
> >   	kfree(si.value);
> >
> >   	ocfs2_free_dir_lookup_result(&lookup);
> > @@ -1855,7 +1854,6 @@ bail:
> >
> >   	brelse(new_fe_bh);
> >   	brelse(parent_fe_bh);
> > -	kfree(si.name);
> >   	kfree(si.value);
> >   	ocfs2_free_dir_lookup_result(&lookup);
> >   	if (inode_ac)
> >
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
@ 2014-03-19 22:02       ` Tetsuo Handa
  0 siblings, 0 replies; 7+ messages in thread
From: Tetsuo Handa @ 2014-03-19 22:02 UTC (permalink / raw)
  To: mfasheh, jlbec, ocfs2-devel
  Cc: tariq.x.saeed, linux-fsdevel, linux-security-module

Thank you for testing.

Mark and Joel, would you pick up this patch via your tree?

Tariq Saeed wrote:
> The patch works. What is the plan for submitting to mainline?
> Thanks,
> -Tariq
> 
> On 03/19/2014 05:55 AM, Tetsuo Handa wrote:
> > Tariq Saeed wrote:
> >> This commit did not take into account the callers of this function who
> >> assume they need to kfree() the name. It causes panic in ocfs2 on create
> >> file. I am puzzled how did this commit got into the tree without changing
> >> the callsites to NOT call kfree anymore. Am I missing something?
> >
> > You are right. It is my mistake. I didn't realize that ocfs2 is calling kfree()
> > on the name field. Would you please test below patch?
> >
> > Regards.
> > ----------
> >>From 3940749700148f58265407987f813b773515661a Mon Sep 17 00:00:00 2001
> > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > Date: Wed, 19 Mar 2014 21:49:21 +0900
> > Subject: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
> >
> > Commit 9548906b 'xattr: Constify ->name member of "struct xattr".' missed that
> > ocfs2 is calling kfree(xattr->name). As a result, kernel panic occurs upon
> > calling kfree(xattr->name) because xattr->name refers static constant names.
> > This patch removes kfree(xattr->name) from ocfs2_mknod() and ocfs2_symlink().
> >
> > Reported-by: Tariq Saeed <tariq.x.saeed@oracle.com>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > Cc: <stable@vger.kernel.org> [3.12+]
> > ---
> >   fs/ocfs2/namei.c |    2 --
> >   1 files changed, 0 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
> > index 3683643..feed025 100644
> > --- a/fs/ocfs2/namei.c
> > +++ b/fs/ocfs2/namei.c
> > @@ -450,7 +450,6 @@ leave:
> >
> >   	brelse(new_fe_bh);
> >   	brelse(parent_fe_bh);
> > -	kfree(si.name);
> >   	kfree(si.value);
> >
> >   	ocfs2_free_dir_lookup_result(&lookup);
> > @@ -1855,7 +1854,6 @@ bail:
> >
> >   	brelse(new_fe_bh);
> >   	brelse(parent_fe_bh);
> > -	kfree(si.name);
> >   	kfree(si.value);
> >   	ocfs2_free_dir_lookup_result(&lookup);
> >   	if (inode_ac)
> >
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
  2014-03-19 19:28   ` Tariq Saeed
  2014-03-19 22:02       ` Tetsuo Handa
@ 2014-03-27 22:13     ` Tariq Saeed
  2014-03-28 13:48       ` Tetsuo Handa
  1 sibling, 1 reply; 7+ messages in thread
From: Tariq Saeed @ 2014-03-27 22:13 UTC (permalink / raw)
  To: Tetsuo Handa, mfasheh, jlbec
  Cc: linux-fsdevel, linux-security-module, Srinivas Eeda

On 03/19/2014 12:28 PM, Tariq Saeed wrote:
> The patch works. What is the plan for submitting to mainline
can you please submit this patch to mainline.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
  2014-03-27 22:13     ` Tariq Saeed
@ 2014-03-28 13:48       ` Tetsuo Handa
  2014-03-28 22:13         ` James Morris
  0 siblings, 1 reply; 7+ messages in thread
From: Tetsuo Handa @ 2014-03-28 13:48 UTC (permalink / raw)
  To: tariq.x.saeed, mfasheh, jlbec
  Cc: linux-fsdevel, linux-security-module, srinivas.eeda

Tariq Saeed wrote:
> On 03/19/2014 12:28 PM, Tariq Saeed wrote:
> > The patch works. What is the plan for submitting to mainline
> can you please submit this patch to mainline.

No response from ocfs2 folks.
James, Al, can you pick up this patch?

----------
>From 3940749700148f58265407987f813b773515661a Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed, 19 Mar 2014 21:49:21 +0900
Subject: [PATCH] ocfs2: Fix panic on kfree(xattr->name)

Commit 9548906b 'xattr: Constify ->name member of "struct xattr".' missed that
ocfs2 is calling kfree(xattr->name). As a result, kernel panic occurs upon
calling kfree(xattr->name) because xattr->name refers static constant names.
This patch removes kfree(xattr->name) from ocfs2_mknod() and ocfs2_symlink().

Reported-by: Tariq Saeed <tariq.x.saeed@oracle.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: <stable@vger.kernel.org> [3.12+]
---
 fs/ocfs2/namei.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index 3683643..feed025 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -450,7 +450,6 @@ leave:
 
 	brelse(new_fe_bh);
 	brelse(parent_fe_bh);
-	kfree(si.name);
 	kfree(si.value);
 
 	ocfs2_free_dir_lookup_result(&lookup);
@@ -1855,7 +1854,6 @@ bail:
 
 	brelse(new_fe_bh);
 	brelse(parent_fe_bh);
-	kfree(si.name);
 	kfree(si.value);
 	ocfs2_free_dir_lookup_result(&lookup);
 	if (inode_ac)
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
  2014-03-28 13:48       ` Tetsuo Handa
@ 2014-03-28 22:13         ` James Morris
  0 siblings, 0 replies; 7+ messages in thread
From: James Morris @ 2014-03-28 22:13 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: tariq.x.saeed, mfasheh, jlbec, linux-fsdevel,
	linux-security-module, srinivas.eeda

On Fri, 28 Mar 2014, Tetsuo Handa wrote:

> Tariq Saeed wrote:
> > On 03/19/2014 12:28 PM, Tariq Saeed wrote:
> > > The patch works. What is the plan for submitting to mainline
> > can you please submit this patch to mainline.
> 
> No response from ocfs2 folks.
> James, Al, can you pick up this patch?

This needs to go in via Al or akpm.


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2014-03-28 22:13 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <5328D286.2010209@oracle.com>
2014-03-19 12:55 ` [PATCH] ocfs2: Fix panic on kfree(xattr->name) Tetsuo Handa
2014-03-19 19:28   ` Tariq Saeed
2014-03-19 22:02     ` [Ocfs2-devel] " Tetsuo Handa
2014-03-19 22:02       ` Tetsuo Handa
2014-03-27 22:13     ` Tariq Saeed
2014-03-28 13:48       ` Tetsuo Handa
2014-03-28 22:13         ` James Morris

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.