This is a note to let you know that I've just added the patch titled ovl: fix tmpfile leak to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ovl-fix-tmpfile-leak.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From baabaa505563362b71f2637aedd7b807d270656c Mon Sep 17 00:00:00 2001 From: Miklos Szeredi <mszeredi@xxxxxxxxxx> Date: Tue, 24 Jan 2023 16:41:18 +0100 Subject: ovl: fix tmpfile leak From: Miklos Szeredi <mszeredi@xxxxxxxxxx> commit baabaa505563362b71f2637aedd7b807d270656c upstream. Missed an error cleanup. Reported-by: syzbot+fd749a7ea127a84e0ffd@xxxxxxxxxxxxxxxxxxxxxxxxx Fixes: 2b1a77461f16 ("ovl: use vfs_tmpfile_open() helper") Cc: <stable@xxxxxxxxxxxxxxx> # v6.1 Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/overlayfs/copy_up.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -754,7 +754,7 @@ static int ovl_copy_up_tmpfile(struct ov if (!c->metacopy && c->stat.size) { err = ovl_copy_up_file(ofs, c->dentry, tmpfile, c->stat.size); if (err) - return err; + goto out_fput; } err = ovl_copy_up_metadata(c, temp); Patches currently in stable-queue which might be from mszeredi@xxxxxxxxxx are queue-6.1/ovl-fix-tmpfile-leak.patch queue-6.1/ovl-fail-on-invalid-uid-gid-mapping-at-copy-up.patch