From: Valdis.Kletnieks@vt.edu (Valdis.Kletnieks at vt.edu)
Date: Thu, 31 Mar 2016 13:22:17 -0400
Subject: Possible Bug
In-Reply-To:
References: <56FD38C4.8030201@gmail.com> <56FD4C35.5040301@gmail.com>
Message-ID: <26163.1459444937@turing-police.cc.vt.edu>
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

On Thu, 31 Mar 2016 13:55:57 -0230, nick said:

> >>> In the fs/file_table.c file as from the root directory of your kernel tree change in the function,
> >>> get_empty_flip change these lines:
> >>>     if (unlikely(error)) {
> >>>         file_free(f);
> >>>         return ERR_PTR(error);
> >>>     }
> >>> to:
> >>>     if (unlikely(error))
> >>>         return ERR_PTR(error);
> >>> and tell me if that fixes your issue.
> >>> Nick

This is an incorrect fix, as the crash happens in security_file_alloc() - before
it ever even *reaches* the if statement.

In addition, you just leaked a reference on f->f_cred by bypassing the put_cred()
that file_free() calls. If this happens to work, it's by accident, and is merely
papering over a more serious problem.

Spotting the reference leak is (or should have been) a 3- or 5-minute task - look
at the code, see there's a get_FOO() call, and ask where the matching put_FOO()
is. There's a get_cred() you need to have hit to get here - so *somebody* needs
to do a put_cred(). And then looking at the body of file_free() *should* have
shown you that your proposed fix is incredibly incorrect.

Seriously Nick - please stop this. You're detracting from valuable developer
resources by submitting these incorrect fixes.