From 71601e2b33dad9acb8d7844f7321f90ed9d1bce8 Mon Sep 17 00:00:00 2001
From: Jens Axboe
Date: Thu, 8 Jun 2006 10:26:39 +0200
Subject: [PATCH] debugfs inode leak

Looking at the reiser4 crash, I found a leak in debugfs. In debugfs_mknod(), we create the inode before checking if the dentry already has one attached. We don't free it if that is the case. These bugs happen quite often, I'm starting to think we should disallow such coding in CodingStyle.

Signed-off-by: Jens Axboe
Signed-off-by: Linus Torvalds
---
 fs/debugfs/inode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'fs')

diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 85d166c..b55b4ea 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -67,12 +67,13 @@ static struct inode *debugfs_get_inode(struct super_block *sb, int mode, dev_t d
 static int debugfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 {
- struct inode *inode = debugfs_get_inode(dir->i_sb, mode, dev);
+ struct inode *inode;
 int error = -EPERM;
 if (dentry->d_inode) return -EEXIST;
+ inode = debugfs_get_inode(dir->i_sb, mode, dev);
 if (inode) {
 d_instantiate(dentry, inode);
 dget(dentry);
-- 
cgit v1.1

From 9cedc194a7735e5d74ad26d3825247dc65a4d98e Mon Sep 17 00:00:00 2001
From: Kirill Korotaev
Date: Wed, 14 Jun 2006 17:59:35 +0400
Subject: [PATCH] Return error in case flock_lock_file failure

If flock_lock_file() failed to allocate flock with locks_alloc_lock() then "error = 0" is returned. Need to return some non-zero.

Signed-off-by: Pavel Emelianov
Signed-off-by: Kirill Korotaev
Signed-off-by: Linus Torvalds
---
 fs/locks.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'fs')

diff --git a/fs/locks.c b/fs/locks.c
index 6f99c0a..ab61a8b 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -755,6 +755,7 @@ static int flock_lock_file(struct file *filp, struct file_lock *request)
 if (request->fl_type == F_UNLCK) goto out;
+ error = -ENOMEM;
 new_fl = locks_alloc_lock();
 if (new_fl == NULL) goto out;
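Review bot: In the fs/debugfs/inode.c hunk, a NULL return from the relocated `debugfs_get_inode()` call still leaves `error` at its initial `-EPERM`, so unless code outside the hunk overrides it, a failed inode allocation would be reported to the caller as a permission error. debugfs_get_inode()'s body is not visible here, so this assumes NULL means the inode could not be allocated; if that holds, `int error = -ENOMEM;` would be the accurate default. A comment above the moved call, such as `/* allocate only after the -EEXIST check so the early return has nothing to free */`, would keep a later cleanup from reintroducing the leak. The rest of debugfs_mknod() lies outside the hunk.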
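Review bot: In the first fs/locks.c hunk (@@ -755), pre-setting `error = -ENOMEM` before `locks_alloc_lock()` leaves that value live until the `error = 0` added by the second hunk (@@ -781), so every `goto out` in the lines between them, which are not shown, must assign its own error or it will now report an allocation failure. Assigning inside the failure branch keeps the error next to its cause: `if (new_fl == NULL) { error = -ENOMEM; goto out; }`. If the pre-set form is kept, a comment at the assignment such as `/* error stays -ENOMEM until the new lock is inserted */` would document the dependency between the two hunks. flock_lock_file() starts and ends outside both hunks.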
@@ -781,6 +782,7 @@ static int flock_lock_file(struct file *filp, struct file_lock *request)
 locks_copy_lock(new_fl, request);
 locks_insert_lock(&inode->i_flock, new_fl);
 new_fl = NULL;
+ error = 0;
 out: unlock_kernel();
-- 
cgit v1.1

From 991721572ef2140c6411894aebefd3377e71a9e7 Mon Sep 17 00:00:00 2001
From: Jens Axboe
Date: Fri, 16 Jun 2006 13:02:29 +0200
Subject: [PATCH] Fix missing ret assignment in __bio_map_user() error path

If get_user_pages() returns less pages than what we asked for, we jump to out_unmap which will return ERR_PTR(ret). But ret can contain a positive number just smaller than local_nr_pages, so be sure to set it to -EFAULT always. Problem found and diagnosed by Damien Le Moal

Signed-off-by: Jens Axboe
Signed-off-by: Linus Torvalds
---
 fs/bio.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'fs')

diff --git a/fs/bio.c b/fs/bio.c
index 098c12b..6a0b9ad 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -654,9 +654,10 @@ static struct bio *__bio_map_user_iov(request_queue_t *q,
 write_to_vm, 0, &pages[cur_page], NULL);
 up_read(¤t->mm->mmap_sem);
- if (ret < local_nr_pages)
+ if (ret < local_nr_pages) {
+ ret = -EFAULT;
 goto out_unmap;
-
+ }
 offset = uaddr & ~PAGE_MASK;
 for (j = cur_page; j < page_limit; j++) {
-- 
cgit v1.1
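Review bot: In the fs/bio.c hunk, the new `ret = -EFAULT;` inside the `ret < local_nr_pages` branch also overwrites any negative errno that get_user_pages() itself returned, so callers of __bio_map_user_iov() would see -EFAULT for every failure. Only a non-negative short count needs replacing, for example `if (ret >= 0) ret = -EFAULT;` inside the braces. Since the number of pages actually pinned is discarded at this point, the `out_unmap` path, which is outside the hunk, presumably finds them by walking `pages[]`; a comment such as `/* out_unmap releases whatever was pinned; ret only carries the errno */` would make that explicit. The enclosing loop and the cleanup label are not visible in the hunk.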