In ovl_lookup_single(), if lookup in the underlying fs returned an error that is neither -ENAMETOOLONG nor -ENOENT, PTR_ERR() was returned in *ret as a valid dentry and the function returned 0 for success. The faulty dentry would then be passed to dput() on umount and cause an unhandled kernel page fault.

Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
--- fs/overlayfs/namei.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 1f2d155..7977190 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -45,11 +45,12 @@ static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, this = lookup_one_len_unlocked(name, base, namelen); if (IS_ERR(this)) { - if (PTR_ERR(this) == -ENOENT || - PTR_ERR(this) == -ENAMETOOLONG) { + err = PTR_ERR(this); + if (err == -ENOENT || err == -ENAMETOOLONG) { this = NULL; + goto out; } - goto out; + return err; } if (!this->d_inode) goto put_and_out; -- 2.7.4
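
Review bot: on the new "return err;" path inside the IS_ERR(this) branch, *ret is never written, so the caller keeps whatever value it already had in that pointer. Either store NULL in *ret before returning, or add a comment on ovl_lookup_single() stating that *ret is only valid when the function returns 0, so a later caller does not dput() a stale or uninitialized pointer. Two smaller points: err now holds -ENOENT or -ENAMETOOLONG when the code jumps to out, and the out label is not part of this hunk, so it is worth confirming that it returns 0 unconditionally and not err; and the direct return mixes styles with the goto-based exits (out, put_and_out) used by the rest of the function, which a dedicated error label would keep consistent. Since the commit message describes a kernel page fault on umount, a Fixes: tag naming the commit that introduced the function would help stable backporting.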