[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] grub-file: fix segmentation fault
|
From: |
Andrei Borzenkov |
|
Subject: |
Re: [PATCH v2] grub-file: fix segmentation fault |
|
Date: |
Tue, 22 Nov 2016 21:39:43 +0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 |
22.11.2016 10:10, Michael Chang пишет:
> On Fri, Nov 18, 2016 at 11:50:25AM +0300, Andrei Borzenkov wrote:
>> Hmm ... I must admit I am confused how we can get NULL here. Filters
>> are called after primary file->name is set and each filter copies
>> previous struct file, which means returned file will inherit pointer
>> to the same file name.
>
> No. I don't think so. Looking into gzio or xzio file filters they did not copy
> original handle to new allocated one. And the new handle gets initialized
> without file->name being set from original one. The new handle then returned
> to upper file layer with file->name being null.
>
Right, I was mistaken.
>> Anyway, exactly because filters themselves do not free file->name this
>> patch means memory leak.
>
> Same reason above, as long as the filters did not allocate it, they did not
> need to free.
>
Yes, but your patch allocates copy of name and (some) filters set it to
NULL so it is leaked.
What about attached patch? It does not increase size of kernel.
I am not thrilled as it does require more discipline from filter author.
OTOH we may find some way to consolidate boilerplate later.
@Dann, this also solves your concerns about layering violation in
progress module as side effect. Could you test this patch? Thank you!
>> Michael, could you provide reproducer for it?
>
> I can still reproduce the segfault on latest git HEAD. Here is kernel image
> attached to reproduce the problem with:
>
> grub/build-xen # ./grub-file --is-x86_64-xen-domu
> /boot/vmlinux-4.8.4-1-default.gz
> Segmentation fault (core dumped)
>
> Thanks,
> Michael
>
file-filter-filename.patch
Description: Text Data