From: Miklos Szeredi mszeredi@redhat.com
mainline inclusion from mainline-5.10.62 commit ef2d68ef9a3bff68915e6fdf5b61822bd1f6af4c bugzilla: 182217 https://gitee.com/openeuler/kernel/issues/I4EFOS
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
[ Upstream commit 580c610429b3994e8db24418927747cf28443cde ]
One error path can result in release_dentry_name_snapshot() being called before "name" was initialized by take_dentry_name_snapshot().
Fix by moving the release_dentry_name_snapshot() to immediately after the only use.
Reported-by: Colin Ian King colin.king@canonical.com Signed-off-by: Miklos Szeredi mszeredi@redhat.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Chen Jun chenjun102@huawei.com Acked-by: Weilong Chen chenweilong@huawei.com
Signed-off-by: Chen Jun chenjun102@huawei.com --- fs/overlayfs/export.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c index ed35be3fafc6..f469982dcb36 100644 --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -390,6 +390,7 @@ static struct dentry *ovl_lookup_real_one(struct dentry *connected, */ take_dentry_name_snapshot(&name, real); this = lookup_one_len(name.name.name, connected, name.name.len); + release_dentry_name_snapshot(&name); err = PTR_ERR(this); if (IS_ERR(this)) { goto fail; @@ -404,7 +405,6 @@ static struct dentry *ovl_lookup_real_one(struct dentry *connected, }
out: - release_dentry_name_snapshot(&name); dput(parent); inode_unlock(dir); return this;