From: Al Viro Date: Sun, 12 Oct 2014 03:05:52 +0000 (-0400) Subject: let path_init() failures treated the same way as subsequent link_path_walk() X-Git-Tag: firefly_0821_release~176^2~3067^2~5 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=115cbfdc609702a131c51281864c08f5d27b459a;p=firefly-linux-kernel-4.4.55.git let path_init() failures treated the same way as subsequent link_path_walk() As it is, path_lookupat() and path_mounpoint() might end up leaking struct file reference in some cases. Spotted-by: Eric Biggers Signed-off-by: Al Viro --- diff --git a/fs/namei.c b/fs/namei.c index d20d579a022e..0f64aa412617 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1950,7 +1950,7 @@ static int path_lookupat(int dfd, const char *name, err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base); if (unlikely(err)) - return err; + goto out; current->total_link_count = 0; err = link_path_walk(name, nd); @@ -1982,6 +1982,7 @@ static int path_lookupat(int dfd, const char *name, } } +out: if (base) fput(base); @@ -2301,7 +2302,7 @@ path_mountpoint(int dfd, const char *name, struct path *path, unsigned int flags err = path_init(dfd, name, flags | LOOKUP_PARENT, &nd, &base); if (unlikely(err)) - return err; + goto out; current->total_link_count = 0; err = link_path_walk(name, &nd);