diff options
| author | Andreas Gruenbacher <agruenba@redhat.com> | 2018-11-26 12:45:35 -0500 |
|---|---|---|
| committer | Andreas Gruenbacher <agruenba@redhat.com> | 2018-12-11 15:44:29 -0500 |
| commit | 6ff9b09e00a441599f3aacdf577254455a048bc9 (patch) | |
| tree | ae5ebad26e35f1445b1295b224d962831124769a /fs/gfs2 | |
| parent | cbbe76c8bb27c0bea4bfa6cac56b5d4073b90687 (diff) | |
gfs2: Get rid of potential double-freeing in gfs2_create_inode
In gfs2_create_inode, after setting and releasing the acl / default_acl, the
acl / default_acl pointers are not set to NULL as they should be. In that
state, when the function reaches label fail_free_acls, gfs2_create_inode will
try to release the same acls again.
Fix that by setting the pointers to NULL after releasing the acls. Slightly
simplify the logic. Also, posix_acl_release checks for NULL already, so
there is no need to duplicate those checks here.
Fixes: e01580bf9e4d ("gfs2: use generic posix ACL infrastructure")
Reported-by: Pan Bian <bianpan2016@163.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org # v4.9+
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Diffstat (limited to 'fs/gfs2')
| -rw-r--r-- | fs/gfs2/inode.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 648f0ca1ad57..998051c4aea7 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c | |||
| @@ -744,17 +744,19 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry, | |||
| 744 | the gfs2 structures. */ | 744 | the gfs2 structures. */ |
| 745 | if (default_acl) { | 745 | if (default_acl) { |
| 746 | error = __gfs2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); | 746 | error = __gfs2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); |
| 747 | if (error) | ||
| 748 | goto fail_gunlock3; | ||
| 747 | posix_acl_release(default_acl); | 749 | posix_acl_release(default_acl); |
| 750 | default_acl = NULL; | ||
| 748 | } | 751 | } |
| 749 | if (acl) { | 752 | if (acl) { |
| 750 | if (!error) | 753 | error = __gfs2_set_acl(inode, acl, ACL_TYPE_ACCESS); |
| 751 | error = __gfs2_set_acl(inode, acl, ACL_TYPE_ACCESS); | 754 | if (error) |
| 755 | goto fail_gunlock3; | ||
| 752 | posix_acl_release(acl); | 756 | posix_acl_release(acl); |
| 757 | acl = NULL; | ||
| 753 | } | 758 | } |
| 754 | 759 | ||
| 755 | if (error) | ||
| 756 | goto fail_gunlock3; | ||
| 757 | |||
| 758 | error = security_inode_init_security(&ip->i_inode, &dip->i_inode, name, | 760 | error = security_inode_init_security(&ip->i_inode, &dip->i_inode, name, |
| 759 | &gfs2_initxattrs, NULL); | 761 | &gfs2_initxattrs, NULL); |
| 760 | if (error) | 762 | if (error) |
| @@ -789,10 +791,8 @@ fail_free_inode: | |||
| 789 | } | 791 | } |
| 790 | gfs2_rsqa_delete(ip, NULL); | 792 | gfs2_rsqa_delete(ip, NULL); |
| 791 | fail_free_acls: | 793 | fail_free_acls: |
| 792 | if (default_acl) | 794 | posix_acl_release(default_acl); |
| 793 | posix_acl_release(default_acl); | 795 | posix_acl_release(acl); |
| 794 | if (acl) | ||
| 795 | posix_acl_release(acl); | ||
| 796 | fail_gunlock: | 796 | fail_gunlock: |
| 797 | gfs2_dir_no_add(&da); | 797 | gfs2_dir_no_add(&da); |
| 798 | gfs2_glock_dq_uninit(ghs); | 798 | gfs2_glock_dq_uninit(ghs); |