From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alexander Holler <holler@ahsoftware.de>
Subject: Re: [git pull] gadgetfs fixes
Date: Sun, 15 Mar 2015 01:39:21 +0100
Message-ID: <5504D4B9.2010901@ahsoftware.de>
References: <20150313164228.GQ29656@ZenIV.linux.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-usb@vger.kernel.org
To: Al Viro <viro@ZenIV.linux.org.uk>,
	Linus Torvalds <torvalds@linux-foundation.org>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20150313164228.GQ29656@ZenIV.linux.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Am 13.03.2015 um 17:42 schrieb Al Viro:
> 	Assorted fixes around AIO on gadgetfs: leaks, use-after-free,
> troubles caused by ->f_op flipping.  Please, pull from
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git gadget
> 
> Shortlog:
> Al Viro (8):
>       new helper: dup_iter()
>       move iov_iter.c from mm/ to lib/
>       gadget/function/f_fs.c: close leaks
>       gadget/function/f_fs.c: use put iov_iter into io_data
>       gadget/function/f_fs.c: switch to ->{read,write}_iter()

>       gadgetfs: use-after-free in ->aio_read()

If that patch ends up in the stable kernels (as it is marked as such),
it needs a
	value = -ENOMEM
before that added "goto fail;", otherwise the return value is unitialized.

Alexander Holler