aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOleg Drokin <green@linuxhacker.ru>2006-01-10 09:28:45 -0800
committerChris Wright <chrisw@sous-sol.org>2006-02-09 23:20:05 -0800
commite8ef6e326e777417a4287e114751e89444d99082 (patch)
treeadd5fa54b61623c8f54da6584dac85e9b4a414f4
parenta9532d48ec7403bcab71518f1116eb9c7746053c (diff)
downloadlinux-linaro-stable-e8ef6e326e777417a4287e114751e89444d99082.tar.gz
[PATCH] d_instantiate_unique / NFS inode leakage
If we have found aliased dentry that we return, inode reference is not dropped and inode is not attached anywhere, so it seems the reference to inode is leaked in that case. Cc: Trond Myklebust <trond.myklebust@fys.uio.no>, Cc: <viro@parcelfarce.linux.theplanet.co.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--fs/dcache.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/dcache.c b/fs/dcache.c
index 17e439138681..f3efeaffd79a 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -808,10 +808,14 @@ void d_instantiate(struct dentry *entry, struct inode * inode)
*
* Fill in inode information in the entry. On success, it returns NULL.
* If an unhashed alias of "entry" already exists, then we return the
- * aliased dentry instead.
+ * aliased dentry instead and drop one reference to inode.
*
* Note that in order to avoid conflicts with rename() etc, the caller
* had better be holding the parent directory semaphore.
+ *
+ * This also assumes that the inode count has been incremented
+ * (or otherwise set) by the caller to indicate that it is now
+ * in use by the dcache.
*/
struct dentry *d_instantiate_unique(struct dentry *entry, struct inode *inode)
{
@@ -838,6 +842,7 @@ struct dentry *d_instantiate_unique(struct dentry *entry, struct inode *inode)
dget_locked(alias);
spin_unlock(&dcache_lock);
BUG_ON(!d_unhashed(alias));
+ iput(inode);
return alias;
}
list_add(&entry->d_alias, &inode->i_dentry);