[PATCH] get rid of leak in compat_execve()
Even though copy_compat_strings() doesn't cache the pages,
copy_strings_kernel() and stuff indirectly called by e.g.
->load_binary() is doing that, so we need to drop the
cache contents in the end.
[found by WANG Cong <wangcong@zeuux.org>]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/compat.c b/fs/compat.c
index 332a869..ed43e17 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1405,7 +1405,7 @@
/* execve success */
security_bprm_free(bprm);
acct_update_integrals(current);
- kfree(bprm);
+ free_bprm(bprm);
return retval;
}
@@ -1424,7 +1424,7 @@
}
out_kfree:
- kfree(bprm);
+ free_bprm(bprm);
out_ret:
return retval;
diff --git a/fs/exec.c b/fs/exec.c
index 1f8a24a..3c2ba7c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1251,6 +1251,12 @@
EXPORT_SYMBOL(search_binary_handler);
+void free_bprm(struct linux_binprm *bprm)
+{
+ free_arg_pages(bprm);
+ kfree(bprm);
+}
+
/*
* sys_execve() executes a new program.
*/
@@ -1320,17 +1326,15 @@
retval = search_binary_handler(bprm,regs);
if (retval >= 0) {
/* execve success */
- free_arg_pages(bprm);
security_bprm_free(bprm);
acct_update_integrals(current);
- kfree(bprm);
+ free_bprm(bprm);
if (displaced)
put_files_struct(displaced);
return retval;
}
out:
- free_arg_pages(bprm);
if (bprm->security)
security_bprm_free(bprm);
@@ -1344,7 +1348,7 @@
fput(bprm->file);
}
out_kfree:
- kfree(bprm);
+ free_bprm(bprm);
out_files:
if (displaced)