From: Trond Myklebust Date: Fri, 30 Aug 2013 13:17:33 +0000 (-0400) Subject: NFS: Fix up two use-after-free issues with the new tracing code X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2d9db75005effd6d4e0c8be4f74922e4f413fbe5;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git NFS: Fix up two use-after-free issues with the new tracing code We don't want to pass the context argument to trace_nfs_atomic_open_exit() after it has been released. Reported-by: Dan Carpenter Signed-off-by: Trond Myklebust --- diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 4ce7f7696e11..d8149e916dd7 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -1399,7 +1399,6 @@ static int nfs_finish_open(struct nfs_open_context *ctx, nfs_file_set_open_context(file, ctx); out: - put_nfs_open_context(ctx); return err; } @@ -1460,9 +1459,9 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry, inode = NFS_PROTO(dir)->open_context(dir, ctx, open_flags, &attr); nfs_unblock_sillyrename(dentry->d_parent); if (IS_ERR(inode)) { - put_nfs_open_context(ctx); err = PTR_ERR(inode); trace_nfs_atomic_open_exit(dir, ctx, open_flags, err); + put_nfs_open_context(ctx); switch (err) { case -ENOENT: d_drop(dentry); @@ -1484,6 +1483,7 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry, err = nfs_finish_open(ctx, ctx->dentry, file, open_flags, opened); trace_nfs_atomic_open_exit(dir, ctx, open_flags, err); + put_nfs_open_context(ctx); out: return err;