Patch "fix inode leaks on d_splice_alias() failure exits" has been added to the 3.17-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 10 Nov 2014 13:19:48 +0900

This is a note to let you know that I've just added the patch titled

    fix inode leaks on d_splice_alias() failure exits

to the 3.17-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fix-inode-leaks-on-d_splice_alias-failure-exits.patch
and it can be found in the queue-3.17 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 51486b900ee92856b977eacfc5bfbe6565028070 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Oct 2014 13:26:21 -0400
Subject: fix inode leaks on d_splice_alias() failure exits

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

commit 51486b900ee92856b977eacfc5bfbe6565028070 upstream.

d_splice_alias() callers expect it to either stash the inode reference
into a new alias, or drop the inode reference.  That makes it possible
to just return d_splice_alias() result from ->lookup() instance, without
any extra housekeeping required.

Unfortunately, that should include the failure exits.  If d_splice_alias()
returns an error, it leaves the dentry it has been given negative and
thus it *must* drop the inode reference.  Easily fixed, but it goes way
back and will need backporting.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 fs/dcache.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct ino
 			if (!IS_ROOT(new)) {
 				spin_unlock(&inode->i_lock);
 				dput(new);
+				iput(inode);
 				return ERR_PTR(-EIO);
 			}
 			if (d_ancestor(new, dentry)) {
 				spin_unlock(&inode->i_lock);
 				dput(new);
+				iput(inode);
 				return ERR_PTR(-EIO);
 			}
 			write_seqlock(&rename_lock);


Patches currently in stable-queue which might be from viro@xxxxxxxxxxxxxxxxxx are

queue-3.17/fs-fix-theoretical-division-by-0-in-super_cache_scan.patch
queue-3.17/fs-make-cont_expand_zero-interruptible.patch
queue-3.17/fix-inode-leaks-on-d_splice_alias-failure-exits.patch
queue-3.17/fix-misuses-of-f_count-in-ppp-and-netlink.patch
queue-3.17/missing-data-dependency-barrier-in-prepend_name.patch
queue-3.17/kill-wbuf_queued-wbuf_dwork_lock.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







