projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e02ba72)
aio: fix potential leak in aio_run_iocb().
authorLeon Yu <chianglungyu@gmail.com>
Thu, 1 May 2014 03:31:28 +0000 (03:31 +0000)
committerBenjamin LaHaise <bcrl@kvack.org>
Thu, 1 May 2014 12:37:43 +0000 (08:37 -0400)
iovec should be reclaimed whenever caller of rw_copy_check_uvector() returns,
but it doesn't hold when failure happens right after aio_setup_vectored_rw().

Fix that in a such way to avoid hairy goto.

Signed-off-by: Leon Yu <chianglungyu@gmail.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Cc: stable@vger.kernel.org
fs/aio.c patch | blob | blame | history

diff --git a/fs/aio.c b/fs/aio.c
index 2adbb0398ab9f23ea5e72f394ba904756142cb32..a0ed6c7d2cd2a3e91a5d12e48af705d75afe315a 100644 (file)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1327,10 +1327,8 @@ rw_common:
                                                &iovec, compat)
                        : aio_setup_single_vector(req, rw, buf, &nr_segs,
                                                  iovec);
-               if (ret)
-                       return ret;
-
-               ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
+               if (!ret)
+                       ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
                if (ret < 0) {
                        if (iovec != &inline_vec)
                                kfree(iovec);
Motorola kernel-slsi