[ 12/41] vfs: fix double put after complete_walk()

From: Greg KH
Date: Fri Mar 16 2012 - 19:48:45 EST

Next message: Greg KH: "[ 14/41] atl1c: dont use highprio tx queue"
Previous message: Greg KH: "[ 07/41] [media] omap3isp: ccdc: Fix crash in HS/VS interrupt handler"
In reply to: Greg KH: "[ 07/41] [media] omap3isp: ccdc: Fix crash in HS/VS interrupt handler"
Next in thread: Greg KH: "[ 14/41] atl1c: dont use highprio tx queue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.2-stable review patch. If anyone has any objections, please let me know.

------------------

From: Miklos Szeredi <mszeredi@xxxxxxx>

commit 097b180ca09b581ef0dc24fbcfc1b227de3875df upstream.

complete_walk() already puts nd->path, no need to do it again at cleanup time.

This would result in Oopses if triggered, apparently the codepath is not too
well exercised.

Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2238,7 +2238,7 @@ static struct file *do_last(struct namei
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
error = complete_walk(nd);
if (error)
- goto exit;
+ return ERR_PTR(error);
error = -EISDIR;
if (S_ISDIR(nd->inode->i_mode))
goto exit;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[ 14/41] atl1c: dont use highprio tx queue"
Previous message: Greg KH: "[ 07/41] [media] omap3isp: ccdc: Fix crash in HS/VS interrupt handler"
In reply to: Greg KH: "[ 07/41] [media] omap3isp: ccdc: Fix crash in HS/VS interrupt handler"
Next in thread: Greg KH: "[ 14/41] atl1c: dont use highprio tx queue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]