diff options
author | Leon Yu <chianglungyu@gmail.com> | 2014-05-01 05:31:28 +0200 |
---|---|---|
committer | Benjamin LaHaise <bcrl@kvack.org> | 2014-05-01 14:37:43 +0200 |
commit | 754320d6e166d3a12cb4810a452bde00afbd4e9a (patch) | |
tree | 3b17b611fa318a189aa04b98abbeb2ec0062233d | |
parent | aio: block io_destroy() until all context requests are completed (diff) | |
download | linux-754320d6e166d3a12cb4810a452bde00afbd4e9a.tar.xz linux-754320d6e166d3a12cb4810a452bde00afbd4e9a.zip |
aio: fix potential leak in aio_run_iocb().
iovec should be reclaimed whenever caller of rw_copy_check_uvector() returns,
but it doesn't hold when failure happens right after aio_setup_vectored_rw().
Fix that in a such way to avoid hairy goto.
Signed-off-by: Leon Yu <chianglungyu@gmail.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Cc: stable@vger.kernel.org
-rw-r--r-- | fs/aio.c | 6 |
1 files changed, 2 insertions, 4 deletions
@@ -1327,10 +1327,8 @@ rw_common: &iovec, compat) : aio_setup_single_vector(req, rw, buf, &nr_segs, iovec); - if (ret) - return ret; - - ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes); + if (!ret) + ret = rw_verify_area(rw, file, &req->ki_pos, req->ki_nbytes); if (ret < 0) { if (iovec != &inline_vec) kfree(iovec); |