Commit 28c7980
Merge tag 'v6.5/vfs.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs fix from Christian Brauner:

"A fix for the backing file work from this cycle.

When init_file() failed it would call file_free_rcu() on the file
allocated by the caller of init_file(). It naively assumed that the
correct cleanup operation would be called depending on whether it is a
regular file or a backing file. However, that presupposes that the
FMODE_BACKING flag would already be set which it won't be as that is
done in the caller of init_file().

Fix that bug by moving the cleanup of the allocated file into the
caller where it belongs in the first place. There's no good reason for
init_file() to consume resources it didn't allocate. This is a
mainline only fix and was reported by syzbot. The fix was validated by
syzbot against the provided reproducer"

* tag 'v6.5/vfs.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  fs: move cleanup from init_file() into its callers

1 file changed
Lines changed: 10 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
160 | 160 | | |
161 | 161 | | |
162 | 162 | | |
163 | | - | |
| 163 | + | |
164 | 164 | | |
165 | 165 | | |
166 | 166 | | |
| |||
208 | 208 | | |
209 | 209 | | |
210 | 210 | | |
211 | | - | |
| 211 | + | |
| 212 | + | |
212 | 213 | | |
| 214 | + | |
213 | 215 | | |
214 | 216 | | |
215 | 217 | | |
| |||
240 | 242 | | |
241 | 243 | | |
242 | 244 | | |
243 | | - | |
| 245 | + | |
| 246 | + | |
244 | 247 | | |
| 248 | + | |
245 | 249 | | |
246 | 250 | | |
247 | 251 | | |
| |||
265 | 269 | | |
266 | 270 | | |
267 | 271 | | |
268 | | - | |
| 272 | + | |
| 273 | + | |
269 | 274 | | |
| 275 | + | |
270 | 276 | | |
271 | 277 | | |
272 | 278 | | |
| |||
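
The ownership bug described in the pull message, as a simplified userspace model added here (not kernel code and not taken from the commit). It shows why a shared cleanup routine that infers the object type from a flag picks the wrong path when the flag is only set after initialization succeeds. All names (`model_file`, `model_backing_file`, `MODEL_BACKING`, `alloc_backing`) are hypothetical stand-ins.

```c
/* Userspace model (constructed): names are hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>

#define MODEL_BACKING 0x1u /* stands in for FMODE_BACKING */
enum cleanup { CLEANUP_NONE, CLEANUP_REGULAR, CLEANUP_BACKING };

struct model_file { unsigned int mode; };
struct model_backing_file { struct model_file file; int extra; }; /* file is first */

static enum cleanup last_cleanup; /* records which cleanup path ran */

/* Shared cleanup that infers the object type from the mode flag. */
static void model_file_free(struct model_file *f)
{
    last_cleanup = (f->mode & MODEL_BACKING) ? CLEANUP_BACKING : CLEANUP_REGULAR;
    free(f); /* the model frees the same address either way; only the path is recorded */
}

/* Before the fix: init frees memory it did not allocate when it fails. */
static int init_before(struct model_file *f, int fail)
{
    if (fail) { model_file_free(f); return -1; }
    return 0;
}

/* After the fix: init only reports the failure. */
static int init_after(struct model_file *f, int fail) { (void)f; return fail ? -1 : 0; }

/* Allocate a backing file; returns the cleanup path taken during this call. */
static enum cleanup alloc_backing(int fixed, int fail)
{
    struct model_backing_file *bf = calloc(1, sizeof(*bf));
    last_cleanup = CLEANUP_NONE;
    if (!bf) return CLEANUP_NONE;
    if (!fixed) {
        if (init_before(&bf->file, fail)) return last_cleanup; /* flag not set yet */
    } else if (init_after(&bf->file, fail)) {
        free(bf); /* the caller owns the allocation and knows its real type */
        return CLEANUP_BACKING;
    }
    bf->file.mode |= MODEL_BACKING; /* set only after init succeeded */
    model_file_free(&bf->file);     /* normal teardown now sees the flag */
    return last_cleanup;
}

int main(void)
{
    printf("before: %d, after: %d\n", (int)alloc_backing(0, 1), (int)alloc_backing(1, 1));
    return 0;
}
```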