Inicio Explorar Axuda
Rexistro Iniciar sesión
phyus
/
linux-vybrid_public
8
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

audit: incorrect ref counting in audit tree tag_chunk

tag_chunk has bad exit paths in which the inotify ref counting is wrong.
At the top of the function we found &old_watch using  inotify_find_watch().
inotify_find_watch takes a reference to the watch.  This is never dropped
on an error path.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Eric Paris %!s(int64=16) %!d(string=hai) anos
pai
6d208da89a
achega
318b6d3d7d
Modificáronse 1 ficheiros con 2 adicións e 0 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 2 0
      kernel/audit_tree.c

+ 2 - 0
kernel/audit_tree.c
Ver ficheiro 

@@ -385,6 +385,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
 
 	mutex_lock(&inode->inotify_mutex);
 
 	mutex_lock(&inode->inotify_mutex);
 
 	if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) {
 
 	if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) {
 
 		mutex_unlock(&inode->inotify_mutex);
 
 		mutex_unlock(&inode->inotify_mutex);
 
+		put_inotify_watch(&old->watch);
 
 		free_chunk(chunk);
 
 		free_chunk(chunk);
 
 		return -ENOSPC;
 
 		return -ENOSPC;
 
 	}
 
 	}
 
@@ -394,6 +395,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
 
 		chunk->dead = 1;
 
 		chunk->dead = 1;
 
 		inotify_evict_watch(&chunk->watch);
 
 		inotify_evict_watch(&chunk->watch);
 
 		mutex_unlock(&inode->inotify_mutex);
 
 		mutex_unlock(&inode->inotify_mutex);
 
+		put_inotify_watch(&old->watch);
 
 		put_inotify_watch(&chunk->watch);
 
 		put_inotify_watch(&chunk->watch);
 
 		return 0;
 
 		return 0;
 
 	}
 
 	}