Re: [PATCH] vfs: rw_copy_check_uvector() - free iov on error

From: Miklos Szeredi
Date: Fri Apr 25 2014 - 12:27:27 EST

Next message: Leif Lindholm: "[PATCH v2 03/10] efi: add helper function to get UEFI params from FDT"
Previous message: Kumar Gaurav: "Clarification needed on use of put_user inside a loop"
In reply to: Miklos Szeredi: "Re: [PATCH] vfs: rw_copy_check_uvector() - free iov on error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 23, 2014 at 12:25:34AM -0500, Eric Biggers wrote:
> On Wed, Apr 23, 2014 at 12:06:39AM -0500, Eric Biggers wrote:
> > The proposed patch doesn't work because in compat_rw_copy_check_uvector(),
> > 'iov' is incremented in the loop before it is freed or returned. This
> > probably should be changed to indexing with 'seg', like in the non-compat
> > version...
>
> Also, there is still a memory leak in vmsplice() as it does not free the iov
> buffer if 0 is returned from rw_copy_check_uvector() (possible if all segments
> are of zero length).

There are more problems. E.g. count is zero so nothing will be copied. This
function needs some care and attention (and testing).

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Leif Lindholm: "[PATCH v2 03/10] efi: add helper function to get UEFI params from FDT"
Previous message: Kumar Gaurav: "Clarification needed on use of put_user inside a loop"
In reply to: Miklos Szeredi: "Re: [PATCH] vfs: rw_copy_check_uvector() - free iov on error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]