[088/244] 9p: close ACL leaks
From: Greg KH
Date: Wed Sep 28 2011 - 19:22:21 EST
3.0-stable review patch. If anyone has any objections, please let us know.
------------------
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
commit 1ec95bf34d976b38897d1977b155a544d77b05e7 upstream.
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---
fs/9p/acl.c | 22 +++++++++++++---------
fs/9p/acl.h | 6 +++---
fs/9p/vfs_inode_dotl.c | 9 ++++++---
3 files changed, 22 insertions(+), 15 deletions(-)
--- a/fs/9p/acl.c
+++ b/fs/9p/acl.c
@@ -185,12 +185,15 @@ int v9fs_acl_chmod(struct dentry *dentry
}
int v9fs_set_create_acl(struct dentry *dentry,
- struct posix_acl *dpacl, struct posix_acl *pacl)
+ struct posix_acl **dpacl, struct posix_acl **pacl)
{
- v9fs_set_acl(dentry, ACL_TYPE_DEFAULT, dpacl);
- v9fs_set_acl(dentry, ACL_TYPE_ACCESS, pacl);
- posix_acl_release(dpacl);
- posix_acl_release(pacl);
+ if (dentry) {
+ v9fs_set_acl(dentry, ACL_TYPE_DEFAULT, *dpacl);
+ v9fs_set_acl(dentry, ACL_TYPE_ACCESS, *pacl);
+ }
+ posix_acl_release(*dpacl);
+ posix_acl_release(*pacl);
+ *dpacl = *pacl = NULL;
return 0;
}
@@ -212,11 +215,11 @@ int v9fs_acl_mode(struct inode *dir, mod
struct posix_acl *clone;
if (S_ISDIR(mode))
- *dpacl = acl;
+ *dpacl = posix_acl_dup(acl);
clone = posix_acl_clone(acl, GFP_NOFS);
- retval = -ENOMEM;
+ posix_acl_release(acl);
if (!clone)
- goto cleanup;
+ return -ENOMEM;
retval = posix_acl_create_masq(clone, &mode);
if (retval < 0) {
@@ -225,11 +228,12 @@ int v9fs_acl_mode(struct inode *dir, mod
}
if (retval > 0)
*pacl = clone;
+ else
+ posix_acl_release(clone);
}
*modep = mode;
return 0;
cleanup:
- posix_acl_release(acl);
return retval;
}
--- a/fs/9p/acl.h
+++ b/fs/9p/acl.h
@@ -19,7 +19,7 @@ extern int v9fs_get_acl(struct inode *,
extern int v9fs_check_acl(struct inode *inode, int mask, unsigned int flags);
extern int v9fs_acl_chmod(struct dentry *);
extern int v9fs_set_create_acl(struct dentry *,
- struct posix_acl *, struct posix_acl *);
+ struct posix_acl **, struct posix_acl **);
extern int v9fs_acl_mode(struct inode *dir, mode_t *modep,
struct posix_acl **dpacl, struct posix_acl **pacl);
#else
@@ -33,8 +33,8 @@ static inline int v9fs_acl_chmod(struct
return 0;
}
static inline int v9fs_set_create_acl(struct dentry *dentry,
- struct posix_acl *dpacl,
- struct posix_acl *pacl)
+ struct posix_acl **dpacl,
+ struct posix_acl **pacl)
{
return 0;
}
--- a/fs/9p/vfs_inode_dotl.c
+++ b/fs/9p/vfs_inode_dotl.c
@@ -287,7 +287,7 @@ v9fs_vfs_create_dotl(struct inode *dir,
goto error;
/* Now set the ACL based on the default value */
- v9fs_set_create_acl(dentry, dacl, pacl);
+ v9fs_set_create_acl(dentry, &dacl, &pacl);
v9inode = V9FS_I(inode);
mutex_lock(&v9inode->v_mutex);
@@ -328,6 +328,7 @@ error:
err_clunk_old_fid:
if (ofid)
p9_client_clunk(ofid);
+ v9fs_set_create_acl(NULL, &dacl, &pacl);
return err;
}
@@ -421,12 +422,13 @@ static int v9fs_vfs_mkdir_dotl(struct in
d_instantiate(dentry, inode);
}
/* Now set the ACL based on the default value */
- v9fs_set_create_acl(dentry, dacl, pacl);
+ v9fs_set_create_acl(dentry, &dacl, &pacl);
inc_nlink(dir);
v9fs_invalidate_inode_attr(dir);
error:
if (fid)
p9_client_clunk(fid);
+ v9fs_set_create_acl(NULL, &dacl, &pacl);
return err;
}
@@ -826,10 +828,11 @@ v9fs_vfs_mknod_dotl(struct inode *dir, s
d_instantiate(dentry, inode);
}
/* Now set the ACL based on the default value */
- v9fs_set_create_acl(dentry, dacl, pacl);
+ v9fs_set_create_acl(dentry, &dacl, &pacl);
error:
if (fid)
p9_client_clunk(fid);
+ v9fs_set_create_acl(NULL, &dacl, &pacl);
return err;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/