fix inode leaks on d_splice_alias() failure exits

commit 51486b900ee92856b977eacfc5bfbe6565028070 upstream.

d_splice_alias() callers expect it to either stash the inode reference
into a new alias, or drop the inode reference.  That makes it possible
to just return d_splice_alias() result from ->lookup() instance, without
any extra housekeeping required.

Unfortunately, that should include the failure exits.  If d_splice_alias()
returns an error, it leaves the dentry it has been given negative and
thus it *must* drop the inode reference.  Easily fixed, but it goes way
back and will need backporting.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/dcache.c b/fs/dcache.c
index e7484f9c73b4de22602f4e5b41d56cd966d4172f..34b40be8af1158d14983af5088ea54f7832776cc 100644 (file)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry)
                        if (!IS_ROOT(new)) {
                                spin_unlock(&inode->i_lock);
                                dput(new);
+                               iput(inode);
                                return ERR_PTR(-EIO);
                        }
                        if (d_ancestor(new, dentry)) {
                                spin_unlock(&inode->i_lock);
                                dput(new);
+                               iput(inode);
                                return ERR_PTR(-EIO);
                        }
                        write_seqlock(&rename_lock);