From: Olga Kornievskaia kolga@netapp.com
stable inclusion from stable-v5.10.140 commit 5e49ea099850feadcbf33c74b4f514a3e8049b91 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I63FTT
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit fcfc8be1e9cf2f12b50dce8b579b3ae54443a014 ]
A destination server while doing a COPY shouldn't accept using the passed in filehandle if its not a regular filehandle.
If alloc_file_pseudo() has failed, we need to decrement a reference on the newly created inode, otherwise it leaks.
Reported-by: Al Viro viro@zeniv.linux.org.uk Fixes: ec4b092508982 ("NFS: inter ssc open") Signed-off-by: Olga Kornievskaia kolga@netapp.com Signed-off-by: Trond Myklebust trond.myklebust@hammerspace.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com Reviewed-by: Wei Li liwei391@huawei.com --- fs/nfs/nfs4file.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c index 33481c8fc131..fc95b2a0ef9f 100644 --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -338,6 +338,11 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, goto out; }
+ if (!S_ISREG(fattr->mode)) { + res = ERR_PTR(-EBADF); + goto out; + } + res = ERR_PTR(-ENOMEM); len = strlen(SSC_READ_NAME_BODY) + 16; read_name = kzalloc(len, GFP_NOFS); @@ -356,6 +361,7 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, r_ino->i_fop); if (IS_ERR(filep)) { res = ERR_CAST(filep); + iput(r_ino); goto out_free_name; } filep->f_mode |= FMODE_READ;