diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-05-16 11:46:58 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-05-16 11:46:58 -0700 |
commit | 4e785e8d9947f0f75e39cf3034dd6f55170c514b (patch) | |
tree | ab5941a7193b8bc504c62c81f8f6ac3caa47e69a | |
parent | 27ebbf9d5bc0ab0a8ca875119e0ce4cd267fa2fc (diff) | |
parent | 35399f87e271f7cf3048eab00a421a6519ac8441 (diff) |
Merge tag 'configfs-for-5.2' of git://git.infradead.org/users/hch/configfs
Pull configfs update from Christoph Hellwig:
- a fix for an error path use after free (YueHaibing)
* tag 'configfs-for-5.2' of git://git.infradead.org/users/hch/configfs:
configfs: fix possible use-after-free in configfs_register_group
-rw-r--r-- | fs/configfs/dir.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c index 591e82ba443c..5e7932d668ab 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c @@ -1757,12 +1757,19 @@ int configfs_register_group(struct config_group *parent_group, inode_lock_nested(d_inode(parent), I_MUTEX_PARENT); ret = create_default_group(parent_group, group); - if (!ret) { - spin_lock(&configfs_dirent_lock); - configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata); - spin_unlock(&configfs_dirent_lock); - } + if (ret) + goto err_out; + + spin_lock(&configfs_dirent_lock); + configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata); + spin_unlock(&configfs_dirent_lock); + inode_unlock(d_inode(parent)); + return 0; +err_out: inode_unlock(d_inode(parent)); + mutex_lock(&subsys->su_mutex); + unlink_group(group); + mutex_unlock(&subsys->su_mutex); return ret; } EXPORT_SYMBOL(configfs_register_group); |