From: Greg Kroah-Hartman Date: Mon, 16 Mar 2020 11:40:19 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.19.111~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1b44e5d16b2201a5b8ec2d4f31f91756033a048e;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch --- diff --git a/queue-4.9/cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch b/queue-4.9/cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch new file mode 100644 index 00000000000..4cf0d80b9cf --- /dev/null +++ b/queue-4.9/cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch @@ -0,0 +1,66 @@ +From d9a9f4849fe0c9d560851ab22a85a666cddfdd24 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Thu, 12 Mar 2020 18:25:20 -0400 +Subject: cifs_atomic_open(): fix double-put on late allocation failure + +From: Al Viro + +commit d9a9f4849fe0c9d560851ab22a85a666cddfdd24 upstream. + +several iterations of ->atomic_open() calling conventions ago, we +used to need fput() if ->atomic_open() failed at some point after +successful finish_open(). Now (since 2016) it's not needed - +struct file carries enough state to make fput() work regardless +of the point in struct file lifecycle and discarding it on +failure exits in open() got unified. Unfortunately, I'd missed +the fact that we had an instance of ->atomic_open() (cifs one) +that used to need that fput(), as well as the stale comment in +finish_open() demanding such late failure handling. Trivially +fixed... + +Fixes: fe9ec8291fca "do_last(): take fput() on error after opening to out:" +Cc: stable@kernel.org # v4.7+ +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/filesystems/porting | 7 +++++++ + fs/cifs/dir.c | 1 - + fs/open.c | 3 --- + 3 files changed, 7 insertions(+), 4 deletions(-) + +--- a/Documentation/filesystems/porting ++++ b/Documentation/filesystems/porting +@@ -596,3 +596,10 @@ in your dentry operations instead. + [mandatory] + ->rename() has an added flags argument. Any flags not handled by the + filesystem should result in EINVAL being returned. ++-- ++[mandatory] ++ ++ [should've been added in 2016] stale comment in finish_open() ++ nonwithstanding, failure exits in ->atomic_open() instances should ++ *NOT* fput() the file, no matter what. Everything is handled by the ++ caller. +--- a/fs/cifs/dir.c ++++ b/fs/cifs/dir.c +@@ -551,7 +551,6 @@ cifs_atomic_open(struct inode *inode, st + if (server->ops->close) + server->ops->close(xid, tcon, &fid); + cifs_del_pending_open(&open); +- fput(file); + rc = -ENOMEM; + } + +--- a/fs/open.c ++++ b/fs/open.c +@@ -824,9 +824,6 @@ cleanup_file: + * the return value of d_splice_alias(), then the caller needs to perform dput() + * on it after finish_open(). + * +- * On successful return @file is a fully instantiated open file. After this, if +- * an error occurs in ->atomic_open(), it needs to clean up with fput(). +- * + * Returns zero on success or -errno if the open failed. + */ + int finish_open(struct file *file, struct dentry *dentry, diff --git a/queue-4.9/series b/queue-4.9/series index f574b968716..becc05f3d97 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -32,3 +32,4 @@ virtio-blk-fix-hw_queue-stopped-on-arbitrary-error.patch iommu-vt-d-quirk_ioat_snb_local_iommu-replace-warn_taint-with-pr_warn-add_taint.patch workqueue-don-t-use-wq_select_unbound_cpu-for-bound-works.patch drm-amd-display-remove-duplicated-assignment-to-grph_obj_type.patch +cifs_atomic_open-fix-double-put-on-late-allocation-failure.patch