35 lines
1023 B
Diff
35 lines
1023 B
Diff
From: Al Viro <viro@zeniv.linux.org.uk>
|
|
Date: Fri, 8 May 2015 22:53:15 -0400
|
|
Subject: path_openat(): fix double fput()
|
|
Origin: https://git.kernel.org/linus/f15133df088ecadd141ea1907f2c96df67c729f0
|
|
|
|
path_openat() jumps to the wrong place after do_tmpfile() - it has
|
|
already done path_cleanup() (as part of path_lookupat() called by
|
|
do_tmpfile()), so doing that again can lead to double fput().
|
|
|
|
Cc: stable@vger.kernel.org # v3.11+
|
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
---
|
|
fs/namei.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
--- a/fs/namei.c
|
|
+++ b/fs/namei.c
|
|
@@ -3228,7 +3228,7 @@ static struct file *path_openat(int dfd,
|
|
|
|
if (unlikely(file->f_flags & __O_TMPFILE)) {
|
|
error = do_tmpfile(dfd, pathname, nd, flags, op, file, &opened);
|
|
- goto out;
|
|
+ goto out2;
|
|
}
|
|
|
|
error = path_init(dfd, pathname->name, flags, nd);
|
|
@@ -3258,6 +3258,7 @@ static struct file *path_openat(int dfd,
|
|
}
|
|
out:
|
|
path_cleanup(nd);
|
|
+out2:
|
|
if (!(opened & FILE_OPENED)) {
|
|
BUG_ON(!error);
|
|
put_filp(file);
|