summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorLeon Yu <chianglungyu@gmail.com>2014-05-01 03:31:28 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-06-07 10:28:11 -0700
commit991d867488c63cf76138596a96147839f9975989 (patch)
tree387b1a468912661e89abeba99b33f8420f2bb40d /fs
parent53937890848b0e9552be2119ad49823cfb9c5eb9 (diff)
downloadlwn-991d867488c63cf76138596a96147839f9975989.tar.gz
lwn-991d867488c63cf76138596a96147839f9975989.zip
aio: fix potential leak in aio_run_iocb().
commit 754320d6e166d3a12cb4810a452bde00afbd4e9a upstream. iovec should be reclaimed whenever caller of rw_copy_check_uvector() returns, but it doesn't hold when failure happens right after aio_setup_vectored_rw(). Fix that in a such way to avoid hairy goto. Signed-off-by: Leon Yu <chianglungyu@gmail.com> Signed-off-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/aio.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/fs/aio.c b/fs/aio.c
index 12a3de0ee6da..04cd7686555d 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1299,10 +1299,8 @@ rw_common:
&iovec, compat)
: aio_setup_single_vector(req, rw, buf, &nr_segs,
iovec);
- if (ret)
- return ret;
-
- ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
+ if (!ret)
+ ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes);
if (ret < 0) {
if (iovec != &inline_vec)
kfree(iovec);