Bug 258698 - aio(4): ucred leak in aio_aqueue()'s failure path
Summary: aio(4): ucred leak in aio_aqueue()'s failure path
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
URL: https://github.com/freebsd/freebsd-sr...
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2021-09-23 22:44 UTC by sigsys
Modified: 2021-10-01 00:34 UTC

See Also:
koobs: maintainer-feedback? (asomers)
koobs: mfc-stable13?
koobs: mfc-stable12-
koobs: mfc-stable11-


Description sigsys 2021-09-23 22:44:30 UTC
diff --git c/sys/kern/vfs_aio.c i/sys/kern/vfs_aio.c
index ebe91ff0fdaf..a3a099873ff1 100644
--- c/sys/kern/vfs_aio.c
+++ i/sys/kern/vfs_aio.c
@@ -1714,7 +1714,7 @@ aio_aqueue(struct thread *td, struct aiocb *ujob, struct aioliojob *lj,
 	else
 		error = fo_aio_queue(fp, job);
 	if (error)
-		goto err3;
+		goto err4;
 
 	AIO_LOCK(ki);
 	job->jobflags &= ~KAIOCB_QUEUEING;
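Review bot: the `goto err4` after `fo_aio_queue(fp, job)` is the only jump retargeted here, and the report does not say where `job->cred` takes its reference. Please name the statement that holds the credential in the description or commit message, and confirm that no other `goto err3` lies between that point and this one, since any such jump would still bypass the new `crfree()`.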
@@ -1735,6 +1735,8 @@ aio_aqueue(struct thread *td, struct aiocb *ujob, struct aioliojob *lj,
 	AIO_UNLOCK(ki);
 	return (0);
 
+err4:
+	crfree(job->cred);
 err3:
 	if (fp)
 		fdrop(fp, td);
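Review bot: `err4:` depends on falling through into `err3:` without a comment, and `job->cred` is left holding a stale pointer after `crfree(job->cred)`. A one-line comment stating that the labels unwind in reverse order of acquisition would make the fall-through explicit. If the remainder of the unwind path below `fdrop(fp, td)` (not visible in this hunk) can touch `job->cred` again, add `job->cred = NULL;` after the free.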
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-09-24 00:10:43 UTC
Thank you for your report. Please include your proposed patch as an attachment.

Appears introduced in src 022ca2fc7fe08d51f33a1d23a9be49e6d132914e via https://reviews.freebsd.org/D27743
Comment 2 commit-hook freebsd_committer 2021-09-24 00:19:18 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=45c2c7c484de7747014492b17ff89e323ee66496

commit 45c2c7c484de7747014492b17ff89e323ee66496
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-09-24 00:14:56 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-09-24 00:18:34 +0000

    aio_aqueue(): avoid ucred leak on failure path

    PR:     258698
    Submitted by:   sigsys@gmail.com
    MFC after:      1 week

 sys/kern/vfs_aio.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
Comment 3 commit-hook freebsd_committer 2021-10-01 00:34:06 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=9499d3c1e40dfeb1f63f61af7cdf25ee27f9a2ec

commit 9499d3c1e40dfeb1f63f61af7cdf25ee27f9a2ec
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-09-24 00:14:56 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-10-01 00:32:22 +0000

    aio_aqueue(): avoid ucred leak on failure path

    PR:     258698

    (cherry picked from commit 45c2c7c484de7747014492b17ff89e323ee66496)

 sys/kern/vfs_aio.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)