[Devel] [PATCH RHEL7 COMMIT] rh/ext4: release leaked posix acl in ext4_acl_chmod

Konstantin Khorenko khorenko at virtuozzo.com
Fri Feb 9 11:52:14 MSK 2018 

The commit is pushed to "branch-rh7-3.10.0-693.17.1.vz7.43.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.17.1.vz7.43.3
------>
commit b85d6be0b743a1768b8456d36b52960858fbaa67
Author: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Date:   Fri Feb 9 11:52:14 2018 +0300

    rh/ext4: release leaked posix acl in ext4_acl_chmod
    
    Note: only rh7-3.10.0-693.17.1.el7-based kernels are affected.
    I.e. starting from rh7-3.10.0-693.17.1.vz7.43.1.
    
    Posix acl is used to convert of an extended attribute, provided by user to ext4
    attributes. In particular to i_mode in case of ACL_TYPE_ACCESS request.
    IOW, this object is allocated, used for convertion, not stored anywhere and
    must be freed.
    
    However posix_acl_update_mode() can zerofy the pointer to support
    ext4_set_acl() logic, but then the object is leaked.  So, fix it by releasing
    new temporary pointer with the same value instead of acl pointer.
    
    In scope of https://jira.sw.ru/browse/PSBM-81384
    
    RHEL bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=1543020
    
    Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
    Acked-by: Dmitry Monakhov <dmonakhov at openvz.org>
---
 fs/ext4/acl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
index 917e8198497f..fce029fa0c3b 100644
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -297,7 +297,7 @@ ext4_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
 int
 ext4_acl_chmod(struct inode *inode)
 {
-	struct posix_acl *acl;
+	struct posix_acl *acl, *real_acl;
 	handle_t *handle;
 	int retries = 0;
 	int error;
@@ -315,6 +315,8 @@ ext4_acl_chmod(struct inode *inode)
 	error = posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode);
 	if (error)
 		return error;
+
+	real_acl = acl;
 retry:
 	handle = ext4_journal_start(inode, EXT4_HT_XATTR,
 				    ext4_jbd2_credits_xattr(inode));
@@ -341,7 +343,7 @@ ext4_acl_chmod(struct inode *inode)
 	    ext4_should_retry_alloc(inode->i_sb, &retries))
 		goto retry;
 out:
-	posix_acl_release(acl);
+	posix_acl_release(real_acl);
 	return error;
 }

More information about the Devel mailing list