integ/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch
Jim Somerville d7784ee452 Fix kernel memory leaks in ipvs and ext4
These leaks were observed in the RT kernel but the fixes
are not RT specific.  We deemed it prudent to also
include the fixes in the std kernel as well.

See the specific patches for details.

Change-Id: I00e6d06a82e289806e5d51008ea1597735b2ad0f
Closes-Bug: 1836638
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2019-08-23 16:34:48 -04:00

80 lines
2.7 KiB
Diff

From 190fe153e1def764a02d7cb3438f5bc7c0402e48 Mon Sep 17 00:00:00 2001
Message-Id: <190fe153e1def764a02d7cb3438f5bc7c0402e48.1566585829.git.Jim.Somerville@windriver.com>
In-Reply-To: <e3887b1e84e274be02f992e034e0dba1f53925b6.1566585829.git.Jim.Somerville@windriver.com>
References: <e3887b1e84e274be02f992e034e0dba1f53925b6.1566585829.git.Jim.Somerville@windriver.com>
From: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Date: Fri, 9 Feb 2018 11:52:15 +0300
Subject: [PATCH 3/3] rh/ext4: release leaked posix acl in ext4_xattr_set_acl
[ commit b762d904ada70f239f1c2d2d70c4a64cd04c8ade in OpenVZ's vzkernel repo ]
Note: only rh7-3.10.0-693.17.1.el7-based kernels are affcted.
I.e. starting from rh7-3.10.0-693.17.1.vz7.43.1.
Posix acl is used to convert of an extended attribute, provided by user to ext4
attributes. In particular to i_mode in case of ACL_TYPE_ACCESS request.
IOW, this object is allocated, used for convertion, not stored anywhere and
must be freed.
However posix_acl_update_mode() can zerofy the pointer to support
ext4_set_acl() logic, but then the object is leaked. So, fix it by releasing
new temporary pointer with the same value instead of acl pointer.
https://jira.sw.ru/browse/PSBM-81384
RHEL bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=1543020
v2: Added affected kernel version + RHEL bug URL
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Acked-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
---
fs/ext4/acl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
index fce029f..046b338 100644
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -405,7 +405,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
{
struct inode *inode = dentry->d_inode;
handle_t *handle;
- struct posix_acl *acl;
+ struct posix_acl *acl, *real_acl;
int error, retries = 0;
int update_mode = 0;
umode_t mode = inode->i_mode;
@@ -418,7 +418,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
return -EPERM;
if (value) {
- acl = posix_acl_from_xattr(&init_user_ns, value, size);
+ acl = real_acl = posix_acl_from_xattr(&init_user_ns, value, size);
if (IS_ERR(acl))
return PTR_ERR(acl);
else if (acl) {
@@ -427,7 +427,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value,
goto release_and_out;
}
} else
- acl = NULL;
+ acl = real_acl = NULL;
retry:
handle = ext4_journal_start(inode, EXT4_HT_XATTR,
@@ -454,7 +454,7 @@ out_stop:
goto retry;
release_and_out:
- posix_acl_release(acl);
+ posix_acl_release(real_acl);
return error;
}
--
1.8.3.1