From: Dan Carpenter <dan.carpenter@oracle.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: linux-fsdevel@vger.kernel.org, kernel-janitors@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Namjae Jeon" <namjae.jeon@samsung.com>,
"Sungjong Seo" <sj1557.seo@samsung.com>,
"Pali Rohár" <pali@kernel.org>,
"Tetsuhiro Kohada" <kohada.t2@gmail.com>,
"Wei Yongjun" <weiyongjun1@huawei.com>
Subject: [PATCH v2] exfat: add missing brelse() calls on error paths
Date: Wed, 10 Jun 2020 20:22:13 +0300 [thread overview]
Message-ID: <20200610172213.GA90634@mwanda> (raw)
In-Reply-To: <6939014a-adbf-f970-2541-df16d35de7e5@web.de>
If the second exfat_get_dentry() call fails then we need to release
"old_bh" before returning. There is a similar bug in exfat_move_file().
Fixes: 5f2aa075070c ("exfat: add inode operations")
Reported-by: Markus Elfring <Markus.Elfring@web.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: fix exfat_move_file() as well. Also add a Fixes tag.
fs/exfat/namei.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c
index 5b0f35329d63e..edd8023865a0e 100644
--- a/fs/exfat/namei.c
+++ b/fs/exfat/namei.c
@@ -1077,10 +1077,14 @@ static int exfat_rename_file(struct inode *inode, struct exfat_chain *p_dir,
epold = exfat_get_dentry(sb, p_dir, oldentry + 1, &old_bh,
§or_old);
+ if (!epold)
+ return -EIO;
epnew = exfat_get_dentry(sb, p_dir, newentry + 1, &new_bh,
§or_new);
- if (!epold || !epnew)
+ if (!epnew) {
+ brelse(old_bh);
return -EIO;
+ }
memcpy(epnew, epold, DENTRY_SIZE);
exfat_update_bh(sb, new_bh, sync);
@@ -1161,10 +1165,14 @@ static int exfat_move_file(struct inode *inode, struct exfat_chain *p_olddir,
epmov = exfat_get_dentry(sb, p_olddir, oldentry + 1, &mov_bh,
§or_mov);
+ if (!epmov)
+ return -EIO;
epnew = exfat_get_dentry(sb, p_newdir, newentry + 1, &new_bh,
§or_new);
- if (!epmov || !epnew)
+ if (!epnew) {
+ brelse(mov_bh);
return -EIO;
+ }
memcpy(epnew, epmov, DENTRY_SIZE);
exfat_update_bh(sb, new_bh, IS_DIRSYNC(inode));
--
2.26.2
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Markus Elfring <Markus.Elfring@web.de>
Cc: linux-fsdevel@vger.kernel.org, kernel-janitors@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Namjae Jeon" <namjae.jeon@samsung.com>,
"Sungjong Seo" <sj1557.seo@samsung.com>,
"Pali Rohár" <pali@kernel.org>,
"Tetsuhiro Kohada" <kohada.t2@gmail.com>,
"Wei Yongjun" <weiyongjun1@huawei.com>
Subject: [PATCH v2] exfat: add missing brelse() calls on error paths
Date: Wed, 10 Jun 2020 17:22:13 +0000 [thread overview]
Message-ID: <20200610172213.GA90634@mwanda> (raw)
In-Reply-To: <6939014a-adbf-f970-2541-df16d35de7e5@web.de>
If the second exfat_get_dentry() call fails then we need to release
"old_bh" before returning. There is a similar bug in exfat_move_file().
Fixes: 5f2aa075070c ("exfat: add inode operations")
Reported-by: Markus Elfring <Markus.Elfring@web.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: fix exfat_move_file() as well. Also add a Fixes tag.
fs/exfat/namei.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c
index 5b0f35329d63e..edd8023865a0e 100644
--- a/fs/exfat/namei.c
+++ b/fs/exfat/namei.c
@@ -1077,10 +1077,14 @@ static int exfat_rename_file(struct inode *inode, struct exfat_chain *p_dir,
epold = exfat_get_dentry(sb, p_dir, oldentry + 1, &old_bh,
§or_old);
+ if (!epold)
+ return -EIO;
epnew = exfat_get_dentry(sb, p_dir, newentry + 1, &new_bh,
§or_new);
- if (!epold || !epnew)
+ if (!epnew) {
+ brelse(old_bh);
return -EIO;
+ }
memcpy(epnew, epold, DENTRY_SIZE);
exfat_update_bh(sb, new_bh, sync);
@@ -1161,10 +1165,14 @@ static int exfat_move_file(struct inode *inode, struct exfat_chain *p_olddir,
epmov = exfat_get_dentry(sb, p_olddir, oldentry + 1, &mov_bh,
§or_mov);
+ if (!epmov)
+ return -EIO;
epnew = exfat_get_dentry(sb, p_newdir, newentry + 1, &new_bh,
§or_new);
- if (!epmov || !epnew)
+ if (!epnew) {
+ brelse(mov_bh);
return -EIO;
+ }
memcpy(epnew, epmov, DENTRY_SIZE);
exfat_update_bh(sb, new_bh, IS_DIRSYNC(inode));
--
2.26.2
next prev parent reply other threads:[~2020-06-10 17:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-10 12:07 [PATCH] exfat: call brelse() on error path Markus Elfring
2020-06-10 12:07 ` Markus Elfring
2020-06-10 17:22 ` Dan Carpenter [this message]
2020-06-10 17:22 ` [PATCH v2] exfat: add missing brelse() calls on error paths Dan Carpenter
2020-06-10 18:12 ` Markus Elfring
2020-06-10 18:12 ` Markus Elfring
2020-06-10 18:45 ` Dan Carpenter
2020-06-10 18:45 ` Dan Carpenter
2020-06-10 18:56 ` Markus Elfring
2020-06-10 18:56 ` Markus Elfring
2020-06-10 19:22 ` Matthew Wilcox
2020-06-10 19:22 ` Matthew Wilcox
2020-06-10 20:00 ` Markus Elfring
2020-06-10 20:00 ` Markus Elfring
2020-06-11 3:41 ` [PATCH v2] " Namjae Jeon
2020-06-11 3:41 ` Namjae Jeon
2020-06-11 8:00 ` Markus Elfring
2020-06-11 8:00 ` Markus Elfring
2020-06-11 8:40 ` Markus Elfring
2020-06-11 8:40 ` Markus Elfring
-- strict thread matches above, loose matches on Subject: below --
2020-06-08 15:07 [PATCH] exfat: Fix use after free in exfat_load_upcase_table() Markus Elfring
2020-06-08 15:07 ` Markus Elfring
2020-06-08 15:52 ` Matthew Wilcox
2020-06-08 15:52 ` Matthew Wilcox
2020-06-08 20:07 ` Markus Elfring
2020-06-08 20:07 ` Markus Elfring
2020-06-09 9:10 ` [PATCH] " Greg KH
2020-06-09 9:10 ` Greg KH
2020-06-10 9:27 ` exfat: Improving exception handling in two functions Markus Elfring
2020-06-10 9:27 ` Markus Elfring
2020-06-10 9:59 ` [PATCH] exfat: call brelse() on error path Dan Carpenter
2020-06-10 9:59 ` Dan Carpenter
2020-06-10 12:14 ` exfat: Improving exception handling in two functions Markus Elfring
2020-06-10 12:14 ` Markus Elfring
2020-06-10 14:53 ` Greg KH
2020-06-10 14:53 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200610172213.GA90634@mwanda \
--to=dan.carpenter@oracle.com \
--cc=Markus.Elfring@web.de \
--cc=kernel-janitors@vger.kernel.org \
--cc=kohada.t2@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=namjae.jeon@samsung.com \
--cc=pali@kernel.org \
--cc=sj1557.seo@samsung.com \
--cc=weiyongjun1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.