Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 38c2e437 authored Jul 19, 2007 by Jan Harkes Committed by Linus Torvalds Jul 19, 2007

coda: do not grab an uninitialized fd when the open upcall returns an error



When open fails the fd in the response is uninitialized and we ended up taking
a reference on the file struct and never released it.

Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 18991197

fs/coda/file.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -144,7 +144,10 @@ int coda_open(struct inode coda_inode, struct file coda_file)

		error = venus_open(coda_inode->i_sb, coda_i2f(coda_inode), coda_flags,
		&host_file);
		if (error \|\| !host_file) {
		if (!host_file)
		error = -EIO;

		if (error) {
		kfree(cfi);
		unlock_kernel();
		return error;

fs/coda/psdev.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -195,6 +195,7 @@ static ssize_t coda_psdev_write(struct file file, const char __user buf,
		if (req->uc_opcode == CODA_OPEN_BY_FD) {
		struct coda_open_by_fd_out *outp =
		(struct coda_open_by_fd_out *)req->uc_data;
		if (!outp->oh.result)
		outp->fh = fget(outp->fd);
		}

fs/coda/upcall.c

+5 −5

Original line number	Diff line number	Diff line
		@@ -251,11 +251,11 @@ int venus_open(struct super_block sb, struct CodaFid fid,
		insize = SIZE(open_by_fd);
		UPARG(CODA_OPEN_BY_FD);

		inp->coda_open.VFid = *fid;
		inp->coda_open.flags = flags;
		inp->coda_open_by_fd.VFid = *fid;
		inp->coda_open_by_fd.flags = flags;

		error = coda_upcall(coda_sbp(sb), insize, &outsize, inp);

		if (!error)
		*fh = outp->coda_open_by_fd.fh;

		CODA_FREE(inp, insize);