* [PATCH] seqfile: fix uninitialized memory allocation in mounts_open()
From: Fengguang Wu @ 2007-08-15 8:56 UTC
To: Andrew Morton; +Cc: linux-kernel, Al Viro

proc_mounts.m.buf is not explicitly zeroed at allocation time, which may later confuse the seqfile code and trigger a kfree(m->buf).

Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn>
---
--- linux.orig/fs/proc/base.c +++ linux/fs/proc/base.c @@ -380,7 +380,7 @@ static int mounts_open(struct inode *ino if (ns) { ret = -ENOMEM; - p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL); + p = kzalloc(sizeof(struct proc_mounts), GFP_KERNEL); if (p) { file->private_data = &p->m; ret = seq_open(file, &mounts_op);
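Review bot: The changelog's justification does not match the code at the `seq_open(file, &mounts_op)` call in this hunk: `&p->m` is handed to seq_open() immediately after the allocation, and the reply in this thread states that seq_open() clears it, so m.buf is not read before it is initialized. If kzalloc() is still wanted for the other members of struct proc_mounts, the changelog should name the field that is used before being set; otherwise the change is defensive only and should be described that way rather than as a fix.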
* Re: [PATCH] seqfile: fix uninitialized memory allocation in mounts_open()
From: Alexey Dobriyan @ 2007-08-15 9:04 UTC
To: Fengguang Wu; +Cc: Andrew Morton, linux-kernel, Al Viro

On 8/15/07, Fengguang Wu <wfg@mail.ustc.edu.cn> wrote:
> proc_mounts.m.buf is not explicitly zeroed at allocation time, which
> may later confuse the seqfile code and trigger a kfree(m->buf).

It's cleared in seq_open().

> --- linux.orig/fs/proc/base.c > +++ linux/fs/proc/base.c > @@ -380,7 +380,7 @@ static int mounts_open(struct inode *ino > > if (ns) { > ret = -ENOMEM; > - p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL); > + p = kzalloc(sizeof(struct proc_mounts), GFP_KERNEL); > if (p) { > file->private_data = &p->m; > ret = seq_open(file, &mounts_op);
* Re: [PATCH] seqfile: fix uninitialized memory allocation in mounts_open()
From: Fengguang Wu @ 2007-08-15 9:08 UTC
To: Alexey Dobriyan; +Cc: Andrew Morton, linux-kernel, Al Viro

On Wed, Aug 15, 2007 at 01:04:05PM +0400, Alexey Dobriyan wrote:
> On 8/15/07, Fengguang Wu <wfg@mail.ustc.edu.cn> wrote:
> > proc_mounts.m.buf is not explicitly zeroed at allocation time, which
> > may later confuse the seqfile code and trigger a kfree(m->buf).
>
> It's cleared in seq_open().

So it is :)

> > --- linux.orig/fs/proc/base.c > > +++ linux/fs/proc/base.c > > @@ -380,7 +380,7 @@ static int mounts_open(struct inode *ino > > > > if (ns) { > > ret = -ENOMEM; > > - p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL); > > + p = kzalloc(sizeof(struct proc_mounts), GFP_KERNEL); > > if (p) { > > file->private_data = &p->m; > > ret = seq_open(file, &mounts_op);
* Re: [PATCH] seqfile: fix uninitialized memory allocation in mounts_open()
From: Fengguang Wu @ 2007-08-15 9:01 UTC
To: Andrew Morton; +Cc: linux-kernel, Al Viro

On Wed, Aug 15, 2007 at 04:56:37PM +0800, Fengguang Wu wrote:
> proc_mounts.m.buf is not explicitly zeroed at allocation time, which
> may later confuse the seqfile code and trigger a kfree(m->buf).

It's weird it did not show up in real world. Could I be wrong?

> --- linux.orig/fs/proc/base.c > +++ linux/fs/proc/base.c > @@ -380,7 +380,7 @@ static int mounts_open(struct inode *ino > > if (ns) { > ret = -ENOMEM; > - p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL); > + p = kzalloc(sizeof(struct proc_mounts), GFP_KERNEL); > if (p) { > file->private_data = &p->m; > ret = seq_open(file, &mounts_op);
* [PATCH] seqfile: merge duplicate code to seq_open_private()
From: Fengguang Wu @ 2007-08-15 9:05 UTC
To: Andrew Morton; +Cc: linux-kernel, Al Viro

There are dozens of calls to seq_open() that need to set m->private. Introduce seq_open_private() to remove code duplications.

Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn>
---
Andrew: more conversions will be made if this patch is ok.

 fs/nfs/client.c          | 24 ++----------------------
 fs/seq_file.c            | 10 ++++++++++
 include/linux/seq_file.h | 1 +
 3 files changed, 13 insertions(+), 22 deletions(-)

--- linux-2.6.23-rc2-mm2.orig/include/linux/seq_file.h +++ linux-2.6.23-rc2-mm2/include/linux/seq_file.h @@ -33,6 +33,7 @@ struct seq_operations { }; int seq_open(struct file *, const struct seq_operations *); +int seq_open_private(struct file *, struct seq_operations *, void *); ssize_t seq_read(struct file *, char __user *, size_t, loff_t *); loff_t seq_lseek(struct file *, loff_t, int); int seq_release(struct inode *, struct file *); --- linux-2.6.23-rc2-mm2.orig/fs/seq_file.c +++ linux-2.6.23-rc2-mm2/fs/seq_file.c @@ -53,6 +53,16 @@ int seq_open(struct file *file, const st } EXPORT_SYMBOL(seq_open); +int seq_open_private(struct file *file, struct seq_operations *op, void *data) +{ + int ret = seq_open(file, op); + + if (!ret) + ((struct seq_file *)file->private_data)->private = data; + + return ret; +} +EXPORT_SYMBOL(seq_open_private); /** * seq_read - ->read() method for sequential files. * @file: the file to read from --- linux-2.6.23-rc2-mm2.orig/fs/nfs/client.c +++ linux-2.6.23-rc2-mm2/fs/nfs/client.c
@@ -1188,17 +1188,7 @@ static const struct file_operations nfs_ */ static int nfs_server_list_open(struct inode *inode, struct file *file) { - struct seq_file *m; - int ret; - - ret = seq_open(file, &nfs_server_list_ops); - if (ret < 0) - return ret; - - m = file->private_data; - m->private = PDE(inode)->data; - - return 0; + return seq_open_private(file, &nfs_server_list_ops, PDE(inode)->data); } /* @@ -1258,17 +1248,7 @@ static int nfs_server_list_show(struct s */ static int nfs_volume_list_open(struct inode *inode, struct file *file) { - struct seq_file *m; - int ret; - - ret = seq_open(file, &nfs_volume_list_ops); - if (ret < 0) - return ret; - - m = file->private_data; - m->private = PDE(inode)->data; - - return 0; + return seq_open_private(file, &nfs_volume_list_ops, PDE(inode)->data); } /*
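Review bot: In the include/linux/seq_file.h hunk the new prototype takes `struct seq_operations *`, while seq_open() on the line above it takes `const struct seq_operations *`. A caller whose ops table is declared const would have to drop the qualifier to use the helper; declare the parameter as `const struct seq_operations *op` in both the prototype and the fs/seq_file.c definition so the two entry points accept the same tables.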
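Review bot: seq_open_private() in the fs/seq_file.c hunk is exported without a kernel-doc comment, although seq_read() directly below it has one. The comment should state that `data` is stored in `->private` only when seq_open() returns 0, so on failure the caller still owns whatever `data` points to and has to release it. A blank line between `EXPORT_SYMBOL(seq_open_private);` and the following `/**` would also keep the seq_read() comment separate from the new function.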
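Review bot: In both fs/nfs/client.c hunks the removed code bailed out only on `ret < 0` and otherwise returned 0, whereas the helper sets `->private` only on `!ret` and passes seq_open()'s return value through unchanged. The two agree as long as seq_open() returns nothing but 0 or a negative errno; state that assumption in the changelog so the conversions of the remaining callers can be checked against it.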