The patch titled sys_pipe(): fix fd leak if pipe() is called with an invalid address has been removed from the -mm tree. Its filename was sys_pipe-fix-fd-leak-if-pipe-is-called-with-an-invalid-address.patch This patch was dropped because it was nacked The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: sys_pipe(): fix fd leak if pipe() is called with an invalid address From: Changli Gao <xiaosuo@xxxxxxxxx> fd leak if pipe() is called with an invalid address. Though -EFAULT is returned, the file descriptors opened by pipe() call are left open. Signed-off-by: Changli Gao <xiaosuo@xxxxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxx> Cc: Christian Zankel <chris@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- arch/x86/ia32/sys_ia32.c | 5 ++++- arch/xtensa/kernel/syscall.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff -puN arch/x86/ia32/sys_ia32.c~sys_pipe-fix-fd-leak-if-pipe-is-called-with-an-invalid-address arch/x86/ia32/sys_ia32.c --- a/arch/x86/ia32/sys_ia32.c~sys_pipe-fix-fd-leak-if-pipe-is-called-with-an-invalid-address +++ a/arch/x86/ia32/sys_ia32.c @@ -197,8 +197,11 @@ asmlinkage long sys32_pipe(int __user *f retval = do_pipe_flags(fds, 0); if (retval) goto out; - if (copy_to_user(fd, fds, sizeof(fds))) + if (copy_to_user(fd, fds, sizeof(fds))) { + sys_close(fd[0]); + sys_close(fd[1]); retval = -EFAULT; + } out: return retval; } diff -puN arch/xtensa/kernel/syscall.c~sys_pipe-fix-fd-leak-if-pipe-is-called-with-an-invalid-address arch/xtensa/kernel/syscall.c --- a/arch/xtensa/kernel/syscall.c~sys_pipe-fix-fd-leak-if-pipe-is-called-with-an-invalid-address +++ a/arch/xtensa/kernel/syscall.c @@ -51,8 +51,11 @@ asmlinkage long xtensa_pipe(int __user * error = do_pipe_flags(fd, 0); if (!error) { - if (copy_to_user(userfds, fd, 2 * sizeof(int))) + if (copy_to_user(userfds, fd, 2 * sizeof(int))) { + sys_close(fd[0]); + sys_close(fd[1]); error = -EFAULT; + } } return error; } _ Patches currently in -mm which might be from xiaosuo@xxxxxxxxx are sys_pipe-fix-fd-leak-if-pipe-is-called-with-an-invalid-address.patch linux-next.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html