1. 03 Sep, 2017 2 commits
  2. 20 Aug, 2017 37 commits
  3. 19 Aug, 2017 1 commit
      staging: lustre: mgc: fix potential use after free in error path · 0de79ffc
      Cihangir Akturk authored
      The config_log_add() function first calls config_log_put() with the
      variable 'cld' and then jumps to label 'out_cld', which will call
      the same function with the same 'cld' variable. However, at this
      point, 'cld' might have been already freed by the first invocation
      of config_log_put(). Even if we remove the invocation at that point,
      we will still get into trouble. This is because, in the error path,
      just below the label 'out_cld', we try to put 'params_cls' and
      'sptlrpc_cld', which might also have been freed by config_log_put().
      
      The point is that the config_llog_data::cld_sptlrpc and
      config_llog_data::cld_params members are assigned at the beginning
      of this function.
      
      To avoid this, do not call config_log_put() inside the else block,
      immediately jump to 'out_cld' instead. Moreover, remove assignments
      to config_llog_data::cld_sptlrpc and config_llog_data::cld_params at
      the beginning, since we already assign them below in the function
      with 'cld_lock' held.
      
      As an additional benefit, code size gets smaller.
      
      before:
      text    data     bss     dec     hex filename
      26188   2256    4208   32652    7f8c drivers/staging/lustre/lustre/mgc/mgc_request.o
      
      after:
      text    data     bss     dec     hex filename
      26092   2256    4208   32556    7f2c drivers/staging/lustre/lustre/mgc/mgc_request.o
      Signed-off-by: Cihangir Akturk <cakturk@gmail.com>
      Reviewed-by: James Simmons <jsimmons@infradead.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
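
The double put described in the commit message above, reduced to a stand-alone C model. This is an added example, not the Lustre source: `struct obj`, `obj_put()` and `error_path()` are hypothetical names, a `released` flag stands in for the real free so stale accesses can be counted, and the failing path is assumed to run before the later assignment made under 'cld_lock'.

```c
#include <stdio.h>

/* Simplified model: "released" replaces the real free, so a put on a
 * dead object is counted instead of being undefined behaviour. */
struct obj {
    int refs;
    int released;
    struct obj *params;   /* child references dropped with the last ref */
    struct obj *sptlrpc;
};

static int stale_puts;    /* puts that hit an already released object */

static void obj_put(struct obj *o)
{
    if (!o)
        return;
    if (o->released) {    /* in the kernel: access to freed memory */
        stale_puts++;
        return;
    }
    if (--o->refs == 0) {
        obj_put(o->params);
        obj_put(o->sptlrpc);
        o->released = 1;
    }
}

/* Walk the error path once; returns the number of stale puts seen. */
static int error_path(int buggy)
{
    struct obj params = { .refs = 1 }, sptlrpc = { .refs = 1 };
    struct obj cld = { .refs = 1 };

    stale_puts = 0;
    if (buggy) {
        cld.params = &params;     /* early member assignment */
        cld.sptlrpc = &sptlrpc;
        obj_put(&cld);            /* put inside the else block */
    }
    /* out_cld: (assumed reached before the assignment under cld_lock) */
    obj_put(&cld);
    obj_put(&params);
    obj_put(&sptlrpc);
    return stale_puts;
}

int main(void)
{
    printf("before: %d, after: %d\n", error_path(1), error_path(0));
    return 0;
}
```

With the early assignments and the extra put, all three puts at the label land on released objects; with both removed, each object is put exactly once.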