diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-03-12 11:48:14 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-03-12 11:48:14 -0800 |
| commit | 8d9d53de51eb52d077ffaf67da2320dafa6da1c6 (patch) | |
| tree | 3e63df35482a435e0cf8e75221439de027cad33f | |
| parent | b77b5fdd052e7ee61b35164abb10e8433d3160e8 (diff) | |
| parent | 14fbbc8297728e880070f7b077b3301a8c698ef9 (diff) | |
| download | linux-8d9d53de51eb52d077ffaf67da2320dafa6da1c6.tar.gz | |
Merge tag 'configfs-for-5.12' of git://git.infradead.org/users/hch/configfs
Pull configfs fix from Christoph Hellwig: - fix a use-after-free in __configfs_open_file (Daiyue Zhang) * tag 'configfs-for-5.12' of git://git.infradead.org/users/hch/configfs: configfs: fix a use-after-free in __configfs_open_file
| -rw-r--r-- | fs/configfs/file.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/fs/configfs/file.c b/fs/configfs/file.c index 1f0270229d7b..da8351d1e455 100644 --- a/fs/configfs/file.c +++ b/fs/configfs/file.c @@ -378,7 +378,7 @@ static int __configfs_open_file(struct inode *inode, struct file *file, int type attr = to_attr(dentry); if (!attr) - goto out_put_item; + goto out_free_buffer; if (type & CONFIGFS_ITEM_BIN_ATTR) { buffer->bin_attr = to_bin_attr(dentry); @@ -391,7 +391,7 @@ static int __configfs_open_file(struct inode *inode, struct file *file, int type /* Grab the module reference for this attribute if we have one */ error = -ENODEV; if (!try_module_get(buffer->owner)) - goto out_put_item; + goto out_free_buffer; error = -EACCES; if (!buffer->item->ci_type) @@ -435,8 +435,6 @@ static int __configfs_open_file(struct inode *inode, struct file *file, int type out_put_module: module_put(buffer->owner); -out_put_item: - config_item_put(buffer->item); out_free_buffer: up_read(&frag->frag_sem); kfree(buffer); |