Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a5fb8e6c authored by David Howells's avatar David Howells
Browse files

afs: Fix leak in afs_lookup_cell_rcu() 



Fix a leak on the cell refcount in afs_lookup_cell_rcu() due to
non-clearance of the default error in the case a NULL cell name is passed
and the workstation default cell is used.

Also put a bit at the end to make sure we don't leak a cell ref if we're
going to be returning an error.

This leak results in an assertion like the following when the kafs module is
unloaded:

	AFS: Assertion failed
	2 == 1 is false
	0x2 == 0x1 is false
	------------[ cut here ]------------
	kernel BUG at fs/afs/cell.c:770!
	...
	RIP: 0010:afs_manage_cells+0x220/0x42f [kafs]
	...
	 process_one_work+0x4c2/0x82c
	 ? pool_mayday_timeout+0x1e1/0x1e1
	 ? do_raw_spin_lock+0x134/0x175
	 worker_thread+0x336/0x4a6
	 ? rescuer_thread+0x4af/0x4af
	 kthread+0x1de/0x1ee
	 ? kthread_park+0xd4/0xd4
	 ret_from_fork+0x24/0x30

Fixes: 989782dc ("afs: Overhaul cell database management")
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent d1abaeb3

fs/afs/cell.c

+4 −0
Original line number Original line Diff line number Diff line
@@ -74,6 +74,7 @@ struct afs_cell *afs_lookup_cell_rcu(struct afs_net *net, 
			cell = rcu_dereference_raw(net->ws_cell);

			cell = rcu_dereference_raw(net->ws_cell);

			if (cell) {

			if (cell) {

				afs_get_cell(cell);

				afs_get_cell(cell);

				ret = 0;

				break;

				break;

			}

			}

			ret = -EDESTADDRREQ;

			ret = -EDESTADDRREQ;
@@ -108,6 +109,9 @@ struct afs_cell *afs_lookup_cell_rcu(struct afs_net *net, 




	done_seqretry(&net->cells_lock, seq);

	done_seqretry(&net->cells_lock, seq);





	if (ret != 0 && cell)

		afs_put_cell(net, cell);



	return ret == 0 ? cell : ERR_PTR(ret);

	return ret == 0 ? cell : ERR_PTR(ret);

}

}