| From 51486b900ee92856b977eacfc5bfbe6565028070 Mon Sep 17 00:00:00 2001 |
| From: Al Viro <viro@zeniv.linux.org.uk> |
| Date: Thu, 23 Oct 2014 13:26:21 -0400 |
| Subject: fix inode leaks on d_splice_alias() failure exits |
| |
| From: Al Viro <viro@zeniv.linux.org.uk> |
| |
| commit 51486b900ee92856b977eacfc5bfbe6565028070 upstream. |
| |
| d_splice_alias() callers expect it to either stash the inode reference |
| into a new alias, or drop the inode reference. That makes it possible |
| to just return d_splice_alias() result from ->lookup() instance, without |
| any extra housekeeping required. |
| |
| Unfortunately, that should include the failure exits. If d_splice_alias() |
| returns an error, it leaves the dentry it has been given negative and |
| thus it *must* drop the inode reference. Easily fixed, but it goes way |
| back and will need backporting. |
| |
| Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/dcache.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/fs/dcache.c |
| +++ b/fs/dcache.c |
| @@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct ino |
| if (!IS_ROOT(new)) { |
| spin_unlock(&inode->i_lock); |
| dput(new); |
| + iput(inode); |
| return ERR_PTR(-EIO); |
| } |
| if (d_ancestor(new, dentry)) { |
| spin_unlock(&inode->i_lock); |
| dput(new); |
| + iput(inode); |
| return ERR_PTR(-EIO); |
| } |
| write_seqlock(&rename_lock); |
