diff options
author | Jan Harkes <jaharkes@cs.cmu.edu> | 2007-07-19 01:48:41 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-19 10:04:48 -0700 |
commit | 38c2e4370da495813ca93d7cad31ed5090e8c310 (patch) | |
tree | bf48c4a17f3f2f7cf17a20e37f55f898a332a2c7 | |
parent | 18991197b4b588255ccabf472ebc84db7b66a19c (diff) | |
download | linux-3.10-38c2e4370da495813ca93d7cad31ed5090e8c310.tar.gz linux-3.10-38c2e4370da495813ca93d7cad31ed5090e8c310.tar.bz2 linux-3.10-38c2e4370da495813ca93d7cad31ed5090e8c310.zip |
coda: do not grab an uninitialized fd when the open upcall returns an error
When open fails the fd in the response is uninitialized and we ended up taking
a reference on the file struct and never released it.
Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/coda/file.c | 7 | ||||
-rw-r--r-- | fs/coda/psdev.c | 3 | ||||
-rw-r--r-- | fs/coda/upcall.c | 10 |
3 files changed, 12 insertions, 8 deletions
diff --git a/fs/coda/file.c b/fs/coda/file.c index 99dbe866816..e7d622709c9 100644 --- a/fs/coda/file.c +++ b/fs/coda/file.c @@ -143,8 +143,11 @@ int coda_open(struct inode *coda_inode, struct file *coda_file) lock_kernel(); error = venus_open(coda_inode->i_sb, coda_i2f(coda_inode), coda_flags, - &host_file); - if (error || !host_file) { + &host_file); + if (!host_file) + error = -EIO; + + if (error) { kfree(cfi); unlock_kernel(); return error; diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c index 803aacf0d49..09382d47a4e 100644 --- a/fs/coda/psdev.c +++ b/fs/coda/psdev.c @@ -195,7 +195,8 @@ static ssize_t coda_psdev_write(struct file *file, const char __user *buf, if (req->uc_opcode == CODA_OPEN_BY_FD) { struct coda_open_by_fd_out *outp = (struct coda_open_by_fd_out *)req->uc_data; - outp->fh = fget(outp->fd); + if (!outp->oh.result) + outp->fh = fget(outp->fd); } wake_up(&req->uc_sleep); diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c index 5faacdb1a47..1651b918219 100644 --- a/fs/coda/upcall.c +++ b/fs/coda/upcall.c @@ -251,12 +251,12 @@ int venus_open(struct super_block *sb, struct CodaFid *fid, insize = SIZE(open_by_fd); UPARG(CODA_OPEN_BY_FD); - inp->coda_open.VFid = *fid; - inp->coda_open.flags = flags; + inp->coda_open_by_fd.VFid = *fid; + inp->coda_open_by_fd.flags = flags; - error = coda_upcall(coda_sbp(sb), insize, &outsize, inp); - - *fh = outp->coda_open_by_fd.fh; + error = coda_upcall(coda_sbp(sb), insize, &outsize, inp); + if (!error) + *fh = outp->coda_open_by_fd.fh; CODA_FREE(inp, insize); return error; |