kmod: fix resource leak in call_usermodehelper_pipe()
authorMasami Hiramatsu <mhiramat@redhat.com>
Fri, 8 Jan 2010 22:42:38 +0000 (14:42 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 11 Jan 2010 17:34:04 +0000 (09:34 -0800)
Fix resource (write-pipe file) leak in call_usermodehelper_pipe().

When call_usermodehelper_exec() fails, write-pipe file is opened and
call_usermodehelper_pipe() just returns an error.  Since it is hard for
caller to determine whether the error occured when opening the pipe or
executing the helper, the caller cannot close the pipe by themselves.

I've found this resoruce leak when testing coredump.  You can check how
the resource leaks as below;

$ echo "|nocommand" > /proc/sys/kernel/core_pattern
$ ulimit -c unlimited
$ while [ 1 ]; do ./segv; done &> /dev/null &
$ cat /proc/meminfo (<- repeat it)

where segv.c is;
//-----
int main () {
        char *p = 0;
        *p = 1;
}
//-----

This patch closes write-pipe file if call_usermodehelper_exec() failed.

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/kmod.c

index 25b1031903642654eb43043ee016d78eebbb26dd..bf0e231d970236278380019513b19188132bb62a 100644 (file)
@@ -520,13 +520,15 @@ int call_usermodehelper_pipe(char *path, char **argv, char **envp,
                return -ENOMEM;
 
        ret = call_usermodehelper_stdinpipe(sub_info, filp);
-       if (ret < 0)
-               goto out;
+       if (ret < 0) {
+               call_usermodehelper_freeinfo(sub_info);
+               return ret;
+       }
 
-       return call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC);
+       ret = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC);
+       if (ret < 0)    /* Failed to execute helper, close pipe */
+               filp_close(*filp, NULL);
 
-  out:
-       call_usermodehelper_freeinfo(sub_info);
        return ret;
 }
 EXPORT_SYMBOL(call_usermodehelper_pipe);