Re: locks_remove_file() -> flock_lock_inode() sleeps in invalid context, false positive due to NULL dereference ?

Hi Rafael,

On Wed, 7 Nov 2018 22:54:24 -0200 Rafael David Tinoco <rafael.tinoco@xxxxxxxxxx> wrote:
>
> NM for this one, just saw flock_make_lock() can return a ptr to struct
> file_lock *, after creating it from slab, or just populate a stack
> variable, like it is doing here.
> 
> For:
> 
> ...
> flock_make_lock(filp, LOCK_UN, &fl);
> fl.fl_flags |= FL_CLOSE;
> ...
> 
> I wonder if, for x86, we are just missing an initialization:
> 
> memset(&fl, 0, sizeof(struct file_lock));
> 
> in the beginning of locks_remove_flock().

I noticed that today's file-locks tree has added an initialisation for
fl ...

-- 
Cheers,
Stephen Rothwell
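Added example, not code from this thread or from the kernel tree: a small C model of the hazard the mail describes, a stack `struct file_lock` whose helper fills in only some fields, after which the caller ORs `FL_CLOSE` into `fl_flags`. The struct layout, `make_lock_partial()`, `stale_stack_pattern()` and both `remove_flock_*()` functions are hypothetical stand-ins, not the kernel's `struct file_lock` or `flock_make_lock()`, and the constant values are illustrative only. Whatever happened to be on the stack is replaced by a fixed byte pattern so the outcome is deterministic and can be asserted on; in a real kernel the contents would vary with the call path, which is exactly why such bugs show up only on some architectures or configurations.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's struct file_lock (hypothetical layout). */
struct file_lock {
    void *fl_file;
    unsigned int fl_flags;
    unsigned char fl_type;
};

#define LOCK_UN   8     /* flock(2) unlock operation */
#define FL_CLOSE  0x10u /* illustrative value, not the kernel's constant */

/* Mimics a helper that populates only the fields it knows about and
 * leaves fl_flags untouched: the caller is expected to have cleared it. */
static void make_lock_partial(void *filp, int type, struct file_lock *fl)
{
    fl->fl_file = filp;
    fl->fl_type = (unsigned char)type;
    /* fl_flags deliberately not written here */
}

/* Deterministic stand-in for "whatever was on the stack before". */
static void stale_stack_pattern(struct file_lock *fl)
{
    memset(fl, 0xA5, sizeof(*fl));
}

/* Unsafe variant: OR into a flags field that was never initialised, so
 * stray bits from the previous stack contents survive into fl_flags. */
unsigned int remove_flock_unsafe(void *filp)
{
    struct file_lock fl;
    stale_stack_pattern(&fl);              /* simulates uninitialised stack */
    make_lock_partial(filp, LOCK_UN, &fl);
    fl.fl_flags |= FL_CLOSE;
    return fl.fl_flags;
}

/* Safe variant: the memset the mail proposes, done before the helper runs,
 * so the only bit set on return is FL_CLOSE. */
unsigned int remove_flock_safe(void *filp)
{
    struct file_lock fl;
    stale_stack_pattern(&fl);              /* same simulated stale stack */
    memset(&fl, 0, sizeof(struct file_lock));
    make_lock_partial(filp, LOCK_UN, &fl);
    fl.fl_flags |= FL_CLOSE;
    return fl.fl_flags;
}

int main(void)
{
    printf("unsafe fl_flags = 0x%08x\n", remove_flock_unsafe(NULL));
    printf("safe   fl_flags = 0x%08x\n", remove_flock_safe(NULL));
    return 0;
}
```

The point of the comparison is that `|=` on a flags word is only a correct way to set one flag if every other bit is known to be zero; when the helper does not write the field and the caller does not clear it, the lock carries whatever bits the previous stack frame left behind, and any later code that branches on those flags misbehaves in ways that depend on architecture and call history rather than on the lock itself. A `memset`, a `{ 0 }` initialiser, or having the helper assign `fl_flags` outright all close the gap.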
