hfsplus: fix BKL leak in hfsplus_ioctl

Currenly the HFSPLUS_IOC_EXT2_GETFLAGS case never unlocks the BKL, which can lead to easily reproduced lockups when doing multiple GETFLAGS ioctls. Fix this by only taking the BKL for the HFSPLUS_IOC_EXT2_SETFLAGS case as neither HFSPLUS_IOC_EXT2_GETFLAGS not the default error case needs it. Signed-off-by: N Christoph Hellwig <hch@tuxera.com>

hfsplus: fix BKL leak in hfsplus_ioctl
Currenly the HFSPLUS_IOC_EXT2_GETFLAGS case never unlocks the BKL, which can lead to easily reproduced lockups when doing multiple GETFLAGS ioctls. Fix this by only taking the BKL for the HFSPLUS_IOC_EXT2_SETFLAGS case as neither HFSPLUS_IOC_EXT2_GETFLAGS not the default error case needs it. Signed-off-by: N Christoph Hellwig <hch@tuxera.com>
249e6353 · Christoph Hellwig · 0f44fbd2 · 249e6353
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

fs/hfsplus/ioctl.c fs/hfsplus/ioctl.c +2 -2

未找到文件。
--- a/fs/hfsplus/ioctl.c
+++ b/fs/hfsplus/ioctl.c
@@ -26,7 +26,6 @@ long hfsplus_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 	struct inode *inode = filp->f_path.dentry->d_inode;
 	unsigned int flags;
-	lock_kernel();
 	switch (cmd) {
 	case HFSPLUS_IOC_EXT2_GETFLAGS:
 		flags = 0;
@@ -39,6 +38,8 @@ long hfsplus_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 		return put_user(flags, (int __user *)arg);
 	case HFSPLUS_IOC_EXT2_SETFLAGS: {
 		int err = 0;
+		lock_kernel();
 		err = mnt_want_write(filp->f_path.mnt);
 		if (err) {
 			unlock_kernel();
@@ -93,7 +94,6 @@ long hfsplus_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 		return err;
 	}
 	default:
-		unlock_kernel();
 		return -ENOTTY;
 	}
 }