coda: do not grab an uninitialized fd when the open upcall returns an error
When open fails the fd in the response is uninitialized and we ended up taking a reference on the file struct and never released it. Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Родитель
18991197b4
Коммит
38c2e4370d
|
@ -143,8 +143,11 @@ int coda_open(struct inode *coda_inode, struct file *coda_file)
|
|||
lock_kernel();
|
||||
|
||||
error = venus_open(coda_inode->i_sb, coda_i2f(coda_inode), coda_flags,
|
||||
&host_file);
|
||||
if (error || !host_file) {
|
||||
&host_file);
|
||||
if (!host_file)
|
||||
error = -EIO;
|
||||
|
||||
if (error) {
|
||||
kfree(cfi);
|
||||
unlock_kernel();
|
||||
return error;
|
||||
|
|
|
@ -195,7 +195,8 @@ static ssize_t coda_psdev_write(struct file *file, const char __user *buf,
|
|||
if (req->uc_opcode == CODA_OPEN_BY_FD) {
|
||||
struct coda_open_by_fd_out *outp =
|
||||
(struct coda_open_by_fd_out *)req->uc_data;
|
||||
outp->fh = fget(outp->fd);
|
||||
if (!outp->oh.result)
|
||||
outp->fh = fget(outp->fd);
|
||||
}
|
||||
|
||||
wake_up(&req->uc_sleep);
|
||||
|
|
|
@ -251,12 +251,12 @@ int venus_open(struct super_block *sb, struct CodaFid *fid,
|
|||
insize = SIZE(open_by_fd);
|
||||
UPARG(CODA_OPEN_BY_FD);
|
||||
|
||||
inp->coda_open.VFid = *fid;
|
||||
inp->coda_open.flags = flags;
|
||||
inp->coda_open_by_fd.VFid = *fid;
|
||||
inp->coda_open_by_fd.flags = flags;
|
||||
|
||||
error = coda_upcall(coda_sbp(sb), insize, &outsize, inp);
|
||||
|
||||
*fh = outp->coda_open_by_fd.fh;
|
||||
error = coda_upcall(coda_sbp(sb), insize, &outsize, inp);
|
||||
if (!error)
|
||||
*fh = outp->coda_open_by_fd.fh;
|
||||
|
||||
CODA_FREE(inp, insize);
|
||||
return error;
|
||||
|
|
Загрузка…
Ссылка в новой задаче