[PATCH] tty: don't leak cdev in tty_cdev_add()

2015-09-07 Thread Leon Yu
s makes it impossible to free allocated cdev. This patch also consolidates error path of cdev_add() as cdev can also leak here if things went wrong. Signed-off-by: Leon Yu Fixes: a3a10ce3429e ("Avoid usb reset crashes by making tty_io cdevs truly dynamic") --- drivers/tty/tty_io.c |

[PATCH] module: propagate error in modules_open()

2018-03-06 Thread Leon Yu
er.kernel.org # 4.15+ Signed-off-by: Leon Yu --- kernel/module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index ad2d420024f6..e42764acedb4 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -4228,7 +4228,7 @@ static int modules_open(struct

[PATCH resend] module: propagate error in modules_open()

2018-03-06 Thread Leon Yu
er.kernel.org # 4.15+ Signed-off-by: Leon Yu --- kernel/module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index ad2d420024f6..e42764acedb4 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -4228,7 +4228,7 @@ static int modules_open(struct

[PATCH] splice: fix possible memory leak in vmsplice_to_user().

2014-04-30 Thread Leon Yu
Since commit 6130f5315 ("switch vmsplice_to_user() to copy_page_to_iter()"), rw_copy_check_uvector is used for sanity check, however, iov can be leaked if that check failed. So, fix it by handling this error path properly. Signed-off-by: Leon Yu --- fs/splice.c | 3 ++- 1 file

[PATCH] aio: fix potential leak in aio_run_iocb().

2014-04-30 Thread Leon Yu
iovec should be reclaimed whenever caller of rw_copy_check_uvector() returns, but it doesn't hold when failure happens right after aio_setup_vectored_rw(). Fix that in such a way to avoid hairy goto. Signed-off-by: Leon Yu --- fs/aio.c | 6 ++ 1 file changed, 2 insertions(+), 4 dele

[PATCH] net: filter: fix possible memory leak in __sk_prepare_filter()

2014-05-31 Thread Leon Yu
can still leak in the error path right after sk_chk_filter(). Signed-off-by: Leon Yu --- net/core/filter.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 9d79ca0..4aec7b9 100644 --- a/net/core/filter.c +++ b/net/core/filter.c

Re: [SMP BUG?] the return value of is_smp() is bug?

2014-09-01 Thread Leon Yu
On 2014-09-01, Wang Long wrote: > > Hi, all > > In kernel 3.17-rc2, when I set CONFIG_HAVE_SMP = y and CONFIG_SMP_ON_UP = y > in .config file, the secondary core can not boot. > > When I set CONFIG_HAVE_SMP = y and CONFIG_SMP_ON_UP = n in .config file, > the secondary core can boot. > > But this d

[PATCH] perf: fix put_event() ctx leak

2015-02-26 Thread Leon Yu
of incremented refcount in perf_event_ctx_lock_nested(). Signed-off-by: Leon Yu Fixes: a83fe28e2e45 ("perf: Fix put_event() ctx lock") --- kernel/events/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index f04daab..45

Re: [PATCH] perf: fix put_event() ctx leak

2015-03-12 Thread Leon Yu
On Thu, Feb 26, 2015 at 8:43 PM, Leon Yu wrote: > > Commit a83fe28e2e45 ("perf: Fix put_event() ctx lock") changed lock logic in > put_event() by replacing mutex_lock_nested() with > perf_event_ctx_lock_nested(), > but didn't fix subsequent mutex_unl

[PATCH] mm: fix anon_vma->degree underflow in anon_vma endless growing prevention

2015-03-03 Thread Leon Yu
valid meaning if anon_vma_clone() fails. Besides, callers don't care dst->anon_vma in such case either. Signed-off-by: Leon Yu Fixes: 7a3ef208e662 ("mm: prevent endless growth of anon_vma hierarchy") Cc: sta...@vger.kernel.org # v3.19 --- mm/rmap.c | 7 +++ 1 file changed,

Re: [PATCH] mm: fix anon_vma->degree underflow in anon_vma endless growing prevention

2015-03-03 Thread Leon Yu
On Tue, Mar 3, 2015 at 9:36 PM, Michal Hocko wrote: > On Tue 03-03-15 20:02:15, Leon Yu wrote: >> I have constantly stumbled upon "kernel BUG at mm/rmap.c:399!" after >> upgrading >> to 3.19 and had no luck with 4.0-rc1 either. >> >> So, after

[PATCH v2] mm: fix anon_vma->degree underflow in anon_vma endless growing prevention

2015-03-04 Thread Leon Yu
meaning if anon_vma_clone() fails. Besides, callers don't care dst->anon_vma in such case either. Also suggested by Michal Hocko, we can clean up vma_adjust() a bit as anon_vma_clone() now does the work. Fixes: 7a3ef208e662 ("mm: prevent endless growth of anon_vma hierarchy")

Re: [PATCH v2] proc: fix NULL dereference when reading /proc//auxv

2016-10-21 Thread Leon Yu
On Fri, Oct 21, 2016 at 3:21 AM, Michal Hocko wrote: > On Thu 20-10-16 19:04:39, Oleg Nesterov wrote: >> On 10/20, Leon Yu wrote: >> > >> > --- a/fs/proc/base.c >> > +++ b/fs/proc/base.c >> > @@ -1014,6 +1014,9 @@ static ssize_t auxv_r

[PATCH] perf: fix event leak when perf_event_open() failed to create event_file

2016-03-20 Thread Leon Yu
If something went wrong in anon_inode_getfile, event_file will be set to non-zero error number and able to bypass the NULL test afterward. Consolidate the error path by testing event_file with handy IS_ERR_OR_NULL() helper since we do want to free event in both cases. Signed-off-by: Leon Yu

Re: [PATCH] perf: fix event leak when perf_event_open() failed to create event_file

2016-03-21 Thread Leon Yu
On Mon, Mar 21, 2016 at 4:02 PM, Alexander Shishkin wrote: > Leon Yu writes: > >> If something went wrong in anon_inode_getfile, event_file will be set to >> non-zero error number and able to bypass the NULL test afterward. >> >> Consolidate the error path by

[PATCH] net: stmmac: don't attach interface until resume finishes

2020-05-22 Thread Leon Yu
ned-off-by: Leon Yu --- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c index a999d6b33a64..1f319c9cee46 100644 --- a/d

Re: [PATCH] proc: fix NULL dereference when reading /proc//auxv

2016-10-19 Thread Leon Yu
On Wed, Oct 19, 2016 at 10:20 PM, Al Viro wrote: > > On Wed, Oct 19, 2016 at 09:59:40PM +0800, Leon Yu wrote: > > Reading auxv of any kernel thread results in NULL pointer dereferencing in > > auxv_read() where mm can be NULL or even error code. Fix that by testing mm >

[PATCH] proc: fix NULL dereference when reading /proc//auxv

2016-10-19 Thread Leon Yu
") Signed-off-by: Leon Yu --- fs/proc/base.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index c2964d890c9a..598d08936a3c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1007,6 +1007,9 @@ static ssize_t auxv_read(struct file *file, char __user *bu

[PATCH v2] proc: fix NULL dereference when reading /proc//auxv

2016-10-20 Thread Leon Yu
sendfile64+0xd4/0xe8) [9.319823] [] (SyS_sendfile64) from [] (ret_fast_syscall+0x0/0x34) [9.327829] Code: e1a01002 e1a02003 e1a03004 e2833008 (e593e0a0) [9.333973] ---[ end trace d3f50081f24b99ce ]--- Fixes: c5317167854e ("proc: switch auxv to use of __mem_open()") Si

Re: [PATCH] proc: fix NULL dereference when reading /proc//auxv

2016-10-20 Thread Leon Yu
On Thu, Oct 20, 2016 at 1:17 AM, Michal Hocko wrote: > So here is my RFC as an alternative. Thoughts? Please note that we > currently have only very few users of use_mm() API in the kernel > so a risk of a regression is not really high. usb/gadget are using it > only temporarily. The remaining is

[tip:perf/urgent] perf: Fix context leak in put_event()

2015-03-16 Thread tip-bot for Leon Yu
Commit-ID: d415a7f1c1a8406b22d95b943c66a5b73a37bc19 Gitweb: http://git.kernel.org/tip/d415a7f1c1a8406b22d95b943c66a5b73a37bc19 Author: Leon Yu AuthorDate: Thu, 26 Feb 2015 20:43:33 +0800 Committer: Ingo Molnar CommitDate: Fri, 13 Mar 2015 10:02:18 +0100 perf: Fix context leak in