From: Al Viro
Date: Thu, 23 Oct 2014 17:26:21 +0000 (-0400)
Subject: fix inode leaks on d_splice_alias() failure exits
X-Git-Tag: firefly_0821_release~176^2~2967^2~5
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=51486b900ee92856b977eacfc5bfbe6565028070;p=firefly-linux-kernel-4.4.55.git

fix inode leaks on d_splice_alias() failure exits

d_splice_alias() callers expect it to either stash the inode reference into a new alias, or drop the inode reference. That makes it possible to just return d_splice_alias() result from ->lookup() instance, without any extra housekeeping required.

Unfortunately, that should include the failure exits. If d_splice_alias() returns an error, it leaves the dentry it has been given negative and thus it *must* drop the inode reference. Easily fixed, but it goes way back and will need backporting.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro
---

diff --git a/fs/dcache.c b/fs/dcache.c index d5a23fd0da90..3ffef7f4e5cd 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2673,11 +2673,13 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) if (!IS_ROOT(new)) { spin_unlock(&inode->i_lock); dput(new); + iput(inode); return ERR_PTR(-EIO); } if (d_ancestor(new, dentry)) { spin_unlock(&inode->i_lock); dput(new); + iput(inode); return ERR_PTR(-EIO); } write_seqlock(&rename_lock);
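
Review bot: the two -EIO exits in the @@ -2673 hunk of fs/dcache.c (the `!IS_ROOT(new)` branch and the `d_ancestor(new, dentry)` branch) now carry the same three-step cleanup, `spin_unlock(&inode->i_lock); dput(new); iput(inode);`, written out twice. Folding both into one shared error label would make it harder for a future failure exit to omit the `iput(inode)` again, which is exactly the reference leak this patch closes. The placement of `iput(inode)` after `spin_unlock(&inode->i_lock)` is right, since iput() takes i_lock itself when it drops the last reference. The ownership rule that d_splice_alias() consumes the inode reference on error as well as on success is stated only in the commit message; this hunk adds no comment, so a sentence in the comment above the function would let authors of ->lookup() instances rely on it without reading the history.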