[ 07/12] cifs: fix dentry refcount leak when opening a FIFO on lookup

From: Willy Tarreau
Date: Sun Mar 11 2012 - 20:52:44 EST

Next message: Willy Tarreau: "[ 10/13] atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume"
Previous message: Willy Tarreau: "[ 04/13] udf: Mark LVID buffer as uptodate before marking it dirty"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.32-longterm review patch. If anyone has any objections, please let me know.

------------------

From: Jeff Layton <jlayton@xxxxxxxxxx>

commit 5bccda0ebc7c0331b81ac47d39e4b920b198b2cd upstream.

The cifs code will attempt to open files on lookup under certain
circumstances. What happens though if we find that the file we opened
was actually a FIFO or other special file?

Currently, the open filehandle just ends up being leaked leading to
a dentry refcount mismatch and oops on umount. Fix this by having the
code close the filehandle on the server if it turns out not to be a
regular file. While we're at it, change this spaghetti if statement
into a switch too.

Cc: stable@xxxxxxxxxxxxxxx
Reported-by: CAI Qian <caiqian@xxxxxxxxxx>
Tested-by: CAI Qian <caiqian@xxxxxxxxxx>
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
Signed-off-by: Steve French <smfrench@xxxxxxxxx>

diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 63a196b..bc7e244 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -584,10 +584,26 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
* If either that or op not supported returned, follow
* the normal lookup.
*/
- if ((rc == 0) || (rc == -ENOENT))
+ switch (rc) {
+ case 0:
+ /*
+ * The server may allow us to open things like
+ * FIFOs, but the client isn't set up to deal
+ * with that. If it's not a regular file, just
+ * close it and proceed as if it were a normal
+ * lookup.
+ */
+ if (newInode && !S_ISREG(newInode->i_mode)) {
+ CIFSSMBClose(xid, pTcon, fileHandle);
+ break;
+ }
+ case -ENOENT:
posix_open = true;
- else if ((rc == -EINVAL) || (rc != -EOPNOTSUPP))
+ case -EOPNOTSUPP:
+ break;
+ default:
pTcon->broken_posix_open = true;
+ }
}
if (!posix_open)
rc = cifs_get_inode_info_unix(&newInode, full_path,

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Willy Tarreau: "[ 10/13] atmel_lcdfb: fix usage of CONTRAST_CTR in suspend/resume"
Previous message: Willy Tarreau: "[ 04/13] udf: Mark LVID buffer as uptodate before marking it dirty"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]