UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers
History
Chen Tingjie c70dbb1e79 tty: fix memleak in alloc_pid 
There is memleak in alloc_pid:
------------------------------
unreferenced object 0xd3453a80 (size 64):
  comm "adbd", pid 1730, jiffies 66363 (age 6586.950s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 40 c2 f6 d5 00 d3 25 c1 59 28 00 00  ....@.....%.Y(..
  backtrace:
    [<c1a6f15c>] kmemleak_alloc+0x3c/0xa0
    [<c1320546>] kmem_cache_alloc+0xc6/0x190
    [<c125d51e>] alloc_pid+0x1e/0x400
    [<c123d344>] copy_process.part.39+0xad4/0x1120
    [<c123da59>] do_fork+0x99/0x330
    [<c123dd58>] sys_fork+0x28/0x30
    [<c1a89a08>] syscall_call+0x7/0xb
    [<ffffffff>] 0xffffffff

the leak is due to unreleased pid->count, which execute in function:
get_pid()(pid->count++) and put_pid()(pid->count--).

The race condition as following:
task[dumpsys]               task[adbd]
in disassociate_ctty()      in tty_signal_session_leader()
-----------------------     -------------------------
tty = get_current_tty();
// tty is not NULL
...
spin_lock_irq(&current->sighand->siglock);
put_pid(current->signal->tty_old_pgrp);
current->signal->tty_old_pgrp = NULL;
spin_unlock_irq(&current->sighand->siglock);

                            spin_lock_irq(&p->sighand->siglock);
                            ...
                            p->signal->tty = NULL;
                            ...
                            spin_unlock_irq(&p->sighand->siglock);

tty = get_current_tty();
// tty NULL, goto else branch by accident.
if (tty) {
    ...
    put_pid(tty_session);
    put_pid(tty_pgrp);
    ...
} else {
    print msg
}

in task[dumpsys], in disassociate_ctty(), tty is set NULL by task[adbd],
tty_signal_session_leader(), then it goto else branch and lack of
put_pid(), cause memleak.

move spin_unlock(sighand->siglock) after get_current_tty() can avoid
the race and fix the memleak.

Signed-off-by: Zhang Jun <jun.zhang@intel.com>
Signed-off-by: Chen Tingjie <tingjie.chen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2014-04-16 14:31:13 -07:00
..
accessibility
acpi Merge branch 'acpi-config' 2014-04-08 21:34:51 +02:00
amba ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
ata Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
atm atm: idt77105: Use del_timer_sync() in exit path 2014-03-25 21:06:02 -04:00
auxdisplay
base regmap: Fix for nodev mode 2014-04-11 13:25:08 -07:00
bcma bcma: gpio: register 32 GPIOs on BCM5357 2014-03-27 14:20:04 -04:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-04-12 14:49:50 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-04-02 20:53:45 -07:00
bus ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
cdrom
char ttyprintk: Allow built as a module 2014-04-16 14:21:06 -07:00
clk == Changes to existing drivers == 2014-04-07 10:24:18 -07:00
clocksource CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
connector Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-04-02 20:53:45 -07:00
cpufreq Merge branch 'pm-cpufreq' 2014-04-08 13:28:02 +02:00
cpuidle Merge branch 'pm-cpuidle' 2014-04-08 13:27:40 +02:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2014-04-03 09:28:16 -07:00
dca
devfreq PM / devfreq: Rewrite devfreq_update_status() to fix multiple bugs 2014-03-21 11:16:30 +09:00
dio
dma Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-04-10 08:55:08 -07:00
edac Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
eisa
extcon
firewire
firmware Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-11 11:58:33 -07:00
fmc
gpio == Changes to existing drivers == 2014-04-07 10:24:18 -07:00
gpu Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2014-04-08 09:52:16 -07:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
hsi
hv Char/Misc driver patches for 3.15-rc1 2014-04-01 16:13:21 -07:00
hwmon Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2014-04-09 08:35:31 -07:00
hwspinlock
i2c Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2014-04-09 08:45:40 -07:00
ide
idle Merge branch 'pm-cpuidle' 2014-04-08 13:27:40 +02:00
iio == Changes to existing drivers == 2014-04-07 10:24:18 -07:00
infiniband Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-04-12 16:51:08 -07:00
input pwm: Changes for v3.15-rc1 2014-04-05 18:32:31 -07:00
iommu IOMMU Upates for Linux v3.15 2014-04-05 18:46:26 -07:00
ipack
irqchip ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
isdn isdnloop: several buffer overflows 2014-04-08 12:41:13 -04:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2014-04-10 09:06:10 -07:00
lguest drivers/lguest/page_tables.c: rename do_set_pte() 2014-04-07 16:35:52 -07:00
macintosh
mailbox
mcb
md Just a few md patches for the 3.15 merge window. 2014-04-11 17:20:38 -07:00
media [media] gpsca: remove the risk of a division by zero 2014-04-08 11:01:12 -03:00
memory
memstick
message PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
mfd MMC highlights for 3.15: 2014-04-09 08:39:39 -07:00
misc drivers/misc/sgi-gru/grukdump.c: cleanup gru_dump_context() a little 2014-04-07 16:36:09 -07:00
mmc MMC highlights for 3.15: 2014-04-09 08:39:39 -07:00
mtd MTD updates for 3.15: 2014-04-07 10:17:30 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-04-12 17:31:22 -07:00
nfc
ntb ntb: Use pci_enable_msix_range() instead of pci_enable_msix() 2014-04-07 10:59:20 -07:00
nubus
of MTD updates for 3.15: 2014-04-07 10:17:30 -07:00
oprofile
parisc
parport
pci Nothing major: the stricter permissions checking for sysfs broke 2014-04-06 09:38:07 -07:00
pcmcia PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
phy ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
pinctrl This is the bulk of GPIO changes for v3.15: 2014-04-03 16:44:15 -07:00
platform alienware-wmi: cover some scenarios where memory allocations would fail 2014-04-10 12:11:56 -04:00
pnp More ACPI and power management updates for 3.15-rc1 2014-04-02 14:10:21 -07:00
power
powercap CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
pps
ps3
ptp net: ptp: move PTP classifier in its own file 2014-04-01 16:43:18 -04:00
pwm pwm: Changes for v3.15-rc1 2014-04-05 18:32:31 -07:00
rapidio rapidio: rework device hierarchy and introduce mport class of devices 2014-04-07 16:36:07 -07:00
regulator regulator: Fixes for v3.15 2014-04-11 13:30:05 -07:00
remoteproc
reset Merge branch 'reset/for_v3.15' of git://git.pengutronix.de/git/pza/linux into next/drivers 2014-03-27 01:28:19 +01:00
rpmsg
rtc ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2014-04-08 12:02:28 -07:00
sbus
scsi sym53c8xx_2: Set DID_REQUEUE return code when aborting squeue 2014-04-12 18:02:16 -07:00
sfi
sh ARM: SoC: sh driver changes 2014-04-05 15:38:41 -07:00
sn
spi spi: Fixes for v3.15 2014-04-11 13:35:49 -07:00
spmi
ssb
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-04-12 17:31:22 -07:00
target Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-04-12 17:31:22 -07:00
tc
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2014-04-10 09:15:46 -07:00
tty tty: fix memleak in alloc_pid 2014-04-16 14:31:13 -07:00
uio
usb Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-04-12 16:51:08 -07:00
uwb
vfio VFIO updates for v3.15 include: 2014-04-03 14:05:02 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-04-12 16:51:08 -07:00
video - Call put_device() instead of kfree() - core 2014-04-10 08:52:35 -07:00
virt
virtio
vlynq
vme
w1
watchdog CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
xen Fix arm build of drivers/xen/events/ 2014-04-07 17:50:18 -07:00
zorro
Kconfig
Makefile