From patchwork Mon Mar 26 18:01:34 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Gardner X-Patchwork-Id: 148789 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 8740EB6FDD for ; Tue, 27 Mar 2012 05:02:15 +1100 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1SCEEx-00071x-IT; Mon, 26 Mar 2012 18:01:59 +0000 Received: from mail.tpi.com ([70.99.223.143]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1SCEEs-0006rd-EN for kernel-team@lists.ubuntu.com; Mon, 26 Mar 2012 18:01:54 +0000 Received: from salmon.rtg.net (mail.tpi.com [70.99.223.143]) by mail.tpi.com (Postfix) with ESMTP id D1AD93146FD for ; Mon, 26 Mar 2012 11:01:34 -0700 (PDT) Received: by salmon.rtg.net (Postfix, from userid 1000) id BC970203BC; Mon, 26 Mar 2012 12:01:54 -0600 (MDT) From: Tim Gardner To: kernel-team@lists.ubuntu.com Subject: [Lucid PATCH 01/10] kmod: fix resource leak in call_usermodehelper_pipe() Date: Mon, 26 Mar 2012 12:01:34 -0600 Message-Id: <1332784903-75063-2-git-send-email-tim.gardner@canonical.com> X-Mailer: git-send-email 1.7.9.1 In-Reply-To: <1332784903-75063-1-git-send-email-tim.gardner@canonical.com> References: <1332784903-75063-1-git-send-email-tim.gardner@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com From: Masami Hiramatsu BugLink: http://bugs.launchpad.net/bugs/963685 Fix resource (write-pipe file) leak in call_usermodehelper_pipe(). When call_usermodehelper_exec() fails, write-pipe file is opened and call_usermodehelper_pipe() just returns an error. Since it is hard for caller to determine whether the error occured when opening the pipe or executing the helper, the caller cannot close the pipe by themselves. I've found this resoruce leak when testing coredump. You can check how the resource leaks as below; $ echo "|nocommand" > /proc/sys/kernel/core_pattern $ ulimit -c unlimited $ while [ 1 ]; do ./segv; done &> /dev/null & $ cat /proc/meminfo (<- repeat it) where segv.c is; //----- int main () { char *p = 0; *p = 1; } //----- This patch closes write-pipe file if call_usermodehelper_exec() failed. Signed-off-by: Masami Hiramatsu Cc: Rusty Russell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds (cherry picked from commit 8767ba2796a1c894e6d9524584a26a8224f0543d) Signed-off-by: Tim Gardner --- kernel/kmod.c | 12 +++++++----- 1 files changed, 7 insertions(+), 5 deletions(-) diff --git a/kernel/kmod.c b/kernel/kmod.c index a061472..9e38576 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -553,13 +553,15 @@ int call_usermodehelper_pipe(char *path, char **argv, char **envp, return -ENOMEM; ret = call_usermodehelper_stdinpipe(sub_info, filp); - if (ret < 0) - goto out; + if (ret < 0) { + call_usermodehelper_freeinfo(sub_info); + return ret; + } - return call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); + ret = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); + if (ret < 0) /* Failed to execute helper, close pipe */ + filp_close(*filp, NULL); - out: - call_usermodehelper_freeinfo(sub_info); return ret; } EXPORT_SYMBOL(call_usermodehelper_pipe);