summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-05-16 11:46:58 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2019-05-16 11:46:58 -0700
commit4e785e8d9947f0f75e39cf3034dd6f55170c514b (patch)
treeab5941a7193b8bc504c62c81f8f6ac3caa47e69a /fs
parent27ebbf9d5bc0ab0a8ca875119e0ce4cd267fa2fc (diff)
parent35399f87e271f7cf3048eab00a421a6519ac8441 (diff)
Merge tag 'configfs-for-5.2' of git://git.infradead.org/users/hch/configfs
Pull configfs update from Christoph Hellwig: - a fix for an error path use after free (YueHaibing) * tag 'configfs-for-5.2' of git://git.infradead.org/users/hch/configfs: configfs: fix possible use-after-free in configfs_register_group
Diffstat (limited to 'fs')
-rw-r--r--fs/configfs/dir.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index 591e82ba443c..5e7932d668ab 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -1757,12 +1757,19 @@ int configfs_register_group(struct config_group *parent_group,
inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
ret = create_default_group(parent_group, group);
- if (!ret) {
- spin_lock(&configfs_dirent_lock);
- configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
- spin_unlock(&configfs_dirent_lock);
- }
+ if (ret)
+ goto err_out;
+
+ spin_lock(&configfs_dirent_lock);
+ configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
+ spin_unlock(&configfs_dirent_lock);
+ inode_unlock(d_inode(parent));
+ return 0;
+err_out:
inode_unlock(d_inode(parent));
+ mutex_lock(&subsys->su_mutex);
+ unlink_group(group);
+ mutex_unlock(&subsys->su_mutex);
return ret;
}
EXPORT_SYMBOL(configfs_register_group);