On 15.03.2015 at 02:39, Al Viro wrote:
> On Sun, Mar 15, 2015 at 01:39:21AM +0100, Alexander Holler wrote:
>> On 13.03.2015 at 17:42, Al Viro wrote:
>>> Assorted fixes around AIO on gadgetfs: leaks, use-after-free,
>>> troubles caused by ->f_op flipping. Please, pull from
>>> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git gadget
>>>
>>> Shortlog:
>>> Al Viro (8):
>>> new helper: dup_iter()
>>> move iov_iter.c from mm/ to lib/
>>> gadget/function/f_fs.c: close leaks
>>> gadget/function/f_fs.c: use put iov_iter into io_data
>>> gadget/function/f_fs.c: switch to ->{read,write}_iter()
>>
>>> gadgetfs: use-after-free in ->aio_read()
>>
>> If that patch ends up in the stable kernels (as it is marked as such),
>> it needs a
>> value = -ENOMEM
>> before that added "goto fail;", otherwise the return value is uninitialized.
>
> Umm... If I'm not misparsing what you said, you are talking about the

Fortunately not. Perhaps we should try my preferred language for a change.

> one that gets removed by
> - if (iv) {
> - priv->iv = kmemdup(iv, nr_segs * sizeof(struct iovec),
> - GFP_KERNEL);
> - if (!priv->iv) {
> - kfree(priv);
> - goto fail;
> - }
> - }
> in "gadget: switch ep_io_operations to ->read_iter/->write_iter" very
> shortly afterwards, and _that_ is a prereq for ->f_op flipping fixes,
> which is also clear -stable fodder. But yes, it's a bisect hazard and
> a cherry-pick one as well. Nice catch...

The following patches aren't marked for stable, otherwise I would not have risked becoming a victim of your comments again.

Alexander Holler
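Review bot: the removed `kfree(priv); goto fail;` path in the quoted hunk is exactly the jump site the earlier message flagged as leaving `value` unset on the kmemdup failure, and this hunk only makes that path disappear; it does not fix the intermediate commit. For -stable, either add `value = -ENOMEM;` before that `goto fail;` in the "gadgetfs: use-after-free in ->aio_read()" patch itself, or annotate both commits so backporters take the ->read_iter/->write_iter switch together with it, since a tree that carries only the first one returns an uninitialized value to userspace on allocation failure and is also the bisect/cherry-pick hazard the reply acknowledges.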