From b8bc83ab4dcbc9938b95a90bbb50d89d1904d5ab Mon Sep 17 00:00:00 2001
From: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>
Date: Thu, 15 Jul 2010 13:25:06 +0100
Subject: [PATCH] securityfs: Drop dentry reference count when mknod fails

lookup_one_len increments dentry reference count which is not decremented
when the create operation fails. This can cause a kernel BUG at
fs/dcache.c:676 at unmount time. Also error code returned when new_inode()
fails was replaced with more appropriate -ENOMEM.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/inode.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/inode.c b/security/inode.c
index 1c812e874504..8c777f022ad1 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -86,7 +86,7 @@ static int mknod(struct inode *dir, struct dentry *dentry,
 			 int mode, dev_t dev)
 {
 	struct inode *inode;
-	int error = -EPERM;
+	int error = -ENOMEM;
 
 	if (dentry->d_inode)
 		return -EEXIST;
@@ -166,6 +166,8 @@ static int create_by_name(const char *name, mode_t mode,
 			error = mkdir(parent->d_inode, *dentry, mode);
 		else
 			error = create(parent->d_inode, *dentry, mode);
+		if (error)
+			dput(*dentry);
 	} else
 		error = PTR_ERR(*dentry);
 	mutex_unlock(&parent->d_inode->i_mutex);
-- 
GitLab