diff options
author | Tvrtko Ursulin <tvrtko.ursulin@sophos.com> | 2010-07-15 08:25:06 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:34:59 -0400 |
commit | b8bc83ab4dcbc9938b95a90bbb50d89d1904d5ab (patch) | |
tree | 7ccdfa1ad932b8556052aa0de65d017816a4470e /security | |
parent | 57a62c2317d60b21b7761c319a733a894482a6af (diff) |
securityfs: Drop dentry reference count when mknod fails
lookup_one_len increments dentry reference count which is not decremented
when the create operation fails. This can cause a kernel BUG at
fs/dcache.c:676 at unmount time. Also error code returned when new_inode()
fails was replaced with more appropriate -ENOMEM.
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/inode.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/security/inode.c b/security/inode.c index 1c812e874504..8c777f022ad1 100644 --- a/security/inode.c +++ b/security/inode.c | |||
@@ -86,7 +86,7 @@ static int mknod(struct inode *dir, struct dentry *dentry, | |||
86 | int mode, dev_t dev) | 86 | int mode, dev_t dev) |
87 | { | 87 | { |
88 | struct inode *inode; | 88 | struct inode *inode; |
89 | int error = -EPERM; | 89 | int error = -ENOMEM; |
90 | 90 | ||
91 | if (dentry->d_inode) | 91 | if (dentry->d_inode) |
92 | return -EEXIST; | 92 | return -EEXIST; |
@@ -166,6 +166,8 @@ static int create_by_name(const char *name, mode_t mode, | |||
166 | error = mkdir(parent->d_inode, *dentry, mode); | 166 | error = mkdir(parent->d_inode, *dentry, mode); |
167 | else | 167 | else |
168 | error = create(parent->d_inode, *dentry, mode); | 168 | error = create(parent->d_inode, *dentry, mode); |
169 | if (error) | ||
170 | dput(*dentry); | ||
169 | } else | 171 | } else |
170 | error = PTR_ERR(*dentry); | 172 | error = PTR_ERR(*dentry); |
171 | mutex_unlock(&parent->d_inode->i_mutex); | 173 | mutex_unlock(&parent->d_inode->i_mutex); |