diff options
author | Miklos Szeredi <mszeredi@redhat.com> | 2021-08-06 10:03:12 +0200 |
---|---|---|
committer | Miklos Szeredi <mszeredi@redhat.com> | 2021-08-10 10:21:30 +0200 |
commit | 580c610429b3994e8db24418927747cf28443cde (patch) | |
tree | a377da7383cd550a28d49a7c9aaf644f42912f0b /fs/overlayfs/export.c | |
parent | ovl: fix deadlock in splice write (diff) | |
download | linux-580c610429b3994e8db24418927747cf28443cde.tar.xz linux-580c610429b3994e8db24418927747cf28443cde.zip |
ovl: fix uninitialized pointer read in ovl_lookup_real_one()
One error path can result in release_dentry_name_snapshot() being called
before "name" was initialized by take_dentry_name_snapshot().
Fix by moving the release_dentry_name_snapshot() to immediately after the
only use.
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/overlayfs/export.c')
-rw-r--r-- | fs/overlayfs/export.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c index 41ebf52f1bbc..ebde05c9cf62 100644 --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -392,6 +392,7 @@ static struct dentry *ovl_lookup_real_one(struct dentry *connected, */ take_dentry_name_snapshot(&name, real); this = lookup_one_len(name.name.name, connected, name.name.len); + release_dentry_name_snapshot(&name); err = PTR_ERR(this); if (IS_ERR(this)) { goto fail; @@ -406,7 +407,6 @@ static struct dentry *ovl_lookup_real_one(struct dentry *connected, } out: - release_dentry_name_snapshot(&name); dput(parent); inode_unlock(dir); return this; |