[PATCH] Fix premature release of file_info memory in eCryptfs

[Michael Halcrow]

The file_info struct is being released, and then one of its members is
referenced from the released memory. This patch cleans up the function
and moves the release so that it occurs after the reference.

Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>

---

 fs/ecryptfs/file.c |   15 ++++++---------
 1 files changed, 6 insertions(+), 9 deletions(-)

1e22635a873a0b0179a8b033e75234dd83a3bb9f
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index c4ea9f0..b9cdb85 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -304,18 +304,15 @@ static int ecryptfs_flush(struct file *f
 	return rc;
 }
 
-static int ecryptfs_release(struct inode *ecryptfs_inode, struct file *file)
+static int ecryptfs_release(struct inode *inode, struct file *file)
 {
-	struct file *lower_file;
-	struct ecryptfs_file_info *file_info;
-	struct inode *lower_inode;
+	struct file *lower_file = ecryptfs_file_to_lower(file);
+	struct ecryptfs_file_info *file_info = ecryptfs_file_to_private(file);
+	struct inode *lower_inode = ecryptfs_inode_to_lower(inode);
 
-	file_info = ecryptfs_file_to_private(file);
-	kmem_cache_free(ecryptfs_file_info_cache, file_info);
-	lower_file = ecryptfs_file_to_lower(file);
 	fput(lower_file);
-	lower_inode = ecryptfs_inode_to_lower(ecryptfs_inode);
-	ecryptfs_inode->i_blocks = lower_inode->i_blocks;
+	inode->i_blocks = lower_inode->i_blocks;
+	kmem_cache_free(ecryptfs_file_info_cache, file_info);
 	return 0;
 }
 
-- 
1.3.3

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/