fs/mount_setattr: always cleanup mount_kattr

Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested. Cc: linux-fsdevel@vger.kernel.org Cc: stable@vger.kernel.org Fixes: 9caccd41 ("fs: introduce MOUNT_ATTR_IDMAP") Signed-off-by: N Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>

fs/mount_setattr: always cleanup mount_kattr
Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested. Cc: linux-fsdevel@vger.kernel.org Cc: stable@vger.kernel.org Fixes: 9caccd41 ("fs: introduce MOUNT_ATTR_IDMAP") Signed-off-by: N Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>
012e3322 · Christian Brauner · Linus Torvalds · 74c78b42 · 012e3322
隐藏空白更改
内联并排

Showing with 4 addition and 5 deletion

fs/namespace.c fs/namespace.c +4 -5

未找到文件。
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4263,12 +4263,11 @@ SYSCALL_DEFINE5(mount_setattr, int, dfd, const char __user *, path,
 		return err;

 	err = user_path_at(dfd, path, kattr.lookup_flags, &target);
-	if (err)
-		return err;
-
-	err = do_mount_setattr(&target, &kattr);
+	if (!err) {
+		err = do_mount_setattr(&target, &kattr);
+		path_put(&target);
+	}
 	finish_mount_kattr(&kattr);
-	path_put(&target);
 	return err;
 }