The file_info struct is being released, and then one of its members is
referenced from the released memory. This patch cleans up the function
and moves the release so that it occurs after the reference.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/file.c | 15 ++++++---------
1 files changed, 6 insertions(+), 9 deletions(-)
1e22635a873a0b0179a8b033e75234dd83a3bb9f
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index c4ea9f0..b9cdb85 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -304,18 +304,15 @@ static int ecryptfs_flush(struct file *f
return rc;
}
-static int ecryptfs_release(struct inode *ecryptfs_inode, struct file *file)
+static int ecryptfs_release(struct inode *inode, struct file *file)
{
- struct file *lower_file;
- struct ecryptfs_file_info *file_info;
- struct inode *lower_inode;
+ struct file *lower_file = ecryptfs_file_to_lower(file);
+ struct ecryptfs_file_info *file_info = ecryptfs_file_to_private(file);
+ struct inode *lower_inode = ecryptfs_inode_to_lower(inode);
- file_info = ecryptfs_file_to_private(file);
- kmem_cache_free(ecryptfs_file_info_cache, file_info);
- lower_file = ecryptfs_file_to_lower(file);
fput(lower_file);
- lower_inode = ecryptfs_inode_to_lower(ecryptfs_inode);
- ecryptfs_inode->i_blocks = lower_inode->i_blocks;
+ inode->i_blocks = lower_inode->i_blocks;
+ kmem_cache_free(ecryptfs_file_info_cache, file_info);
return 0;
}
--
1.3.3