[PATCH][securityfs][2.6.34] Drop dentry reference count when mknod fails

[Tvrtko Ursulin]

lookup_one_len increments dentry reference count which is not decremented
when the create operation fails. This can cause a kernel BUG at
fs/dcache.c:676 at unmount time. Also error code returned when new_inode()
fails was replaced with more appropriate -ENOMEM.


Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxxx>
---
 inode.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff -upr linux-2.6.34/security/inode.c linux-2.6.34-new/security/inode.c
--- linux-2.6.34/security/inode.c       2010-05-16 22:17:36.000000000 +0100
+++ linux-2.6.34-new/security/inode.c   2010-07-15 13:20:38.133783253 +0100
@@ -86,7 +86,7 @@ static int mknod(struct inode *dir, stru
                         int mode, dev_t dev)
 {
        struct inode *inode;
-       int error = -EPERM;
+       int error = -ENOMEM;

        if (dentry->d_inode)
                return -EEXIST;
@@ -166,6 +166,8 @@ static int create_by_name(const char *na
                        error = mkdir(parent->d_inode, *dentry, mode);
                else
                        error = create(parent->d_inode, *dentry, mode);
+               if (error)
+                       dput(dentry);
        } else
                error = PTR_ERR(*dentry);
        mutex_unlock(&parent->d_inode->i_mutex);



Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/