Received: by 2002:a25:d783:0:0:0:0:0 with SMTP id o125csp658686ybg; Thu, 19 Mar 2020 06:32:52 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvMU6XQ5potVIDFw3OH8FTZj60MHd8DOHgsJBcoQ2KUjosJH511L5+zGpt6jUe4zUMBIwP+ X-Received: by 2002:a05:6808:9ac:: with SMTP id e12mr1995278oig.149.1584624772613; Thu, 19 Mar 2020 06:32:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584624772; cv=none; d=google.com; s=arc-20160816; b=oVlNW/f/UJrRhWzyy4JaHJgLjPutqPCJKA9KKkJfe7RQB+BCwkck+Mo+RF+95a3BZ1 S55AQHqSzDuFVT+wmWOUmEFafZSFi5dEVijUxo3Y6zB0ao6kDEUluHt3+fomlfioTZxj Gkvr4ib6rkp5T+kVkKNn1RW7I2/YjtR2uyVdM+zVI2p+vqJEV0GruoeSNvmzZqQ9IxY6 6DPw5wgUsy1FJemntpjjXkFMYHFPkjxVbzoOV/ZiGYjOCpKmgacARmB1gn9JYxV0ZeqS cUUFFvYYZW95grQvwpmgXnEfzCg142TigIaK6/+sxLAYsMzNwsm8cqOCuteUP+oHkuGE iNkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=F0gnWDBbtnoDdartGwn/JXHNyosfFSGLYO+a6uOnRzk=; b=xzxronwseTKivWr6K9nFDmi/yH6ci4paDcPu17ng2FFk4VEshT3Eh3bWtL/55tRtvG YLbZsrLE3PiekP1uHRH1xKJIGUUrZqZ0OOoafT/Pcdl+txnHGSORPExz5/3AcXHD8rCJ bsRMyYdl/8jDLC5CdXozPTxGNp7ubpL51EBlYyY7glcwZoCCFn/wMgj2pG8W3Zw4Ii6m Iylplnc1Ky/MDSlP1/pJUifBC83OTeDZQnJdBLxyXxL+S2qSzVlNLHQNGyJdDbjxo71o 7LOQTdWNu9f6+v6p2tQy9775vrjw1UJry6pA60GFjF3e3HOOOwLlGRCVQ/gwl94V3wug H3Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gzTyZUf4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f6si1304589otq.50.2020.03.19.06.32.39; Thu, 19 Mar 2020 06:32:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gzTyZUf4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729462AbgCSNQE (ORCPT + 99 others); Thu, 19 Mar 2020 09:16:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:36110 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729478AbgCSNQC (ORCPT ); Thu, 19 Mar 2020 09:16:02 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7829720724; Thu, 19 Mar 2020 13:16:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1584623761; bh=lyNKpJMdv/hRGrY6vQ5FO5YBieAql1r3tO2rsCM3OB8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gzTyZUf4940+pgnYFLIxvCLyThXCpun4nI1cUxnh3yFC/8I5NuTEHORJ/o/dpkKIs m78SnccjdhWwC1SzNUb39/CbVj1lOnqtILiEvSJGBZpD13TiV3yqdSSNJLCWAFzgjs Qhobb6nijUKFC9xQMvPqfO20MdA1wojbLhrFZyWQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Al Viro , stable@kernel.org Subject: [PATCH 4.14 45/99] cifs_atomic_open(): fix double-put on late allocation failure Date: Thu, 19 Mar 2020 14:03:23 +0100 Message-Id: <20200319123955.571682852@linuxfoundation.org> X-Mailer: git-send-email 2.25.2 In-Reply-To: <20200319123941.630731708@linuxfoundation.org> References: <20200319123941.630731708@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Al Viro commit d9a9f4849fe0c9d560851ab22a85a666cddfdd24 upstream. several iterations of ->atomic_open() calling conventions ago, we used to need fput() if ->atomic_open() failed at some point after successful finish_open(). Now (since 2016) it's not needed - struct file carries enough state to make fput() work regardless of the point in struct file lifecycle and discarding it on failure exits in open() got unified. Unfortunately, I'd missed the fact that we had an instance of ->atomic_open() (cifs one) that used to need that fput(), as well as the stale comment in finish_open() demanding such late failure handling. Trivially fixed... Fixes: fe9ec8291fca "do_last(): take fput() on error after opening to out:" Cc: stable@kernel.org # v4.7+ Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- Documentation/filesystems/porting | 7 +++++++ fs/cifs/dir.c | 1 - fs/open.c | 3 --- 3 files changed, 7 insertions(+), 4 deletions(-) --- a/Documentation/filesystems/porting +++ b/Documentation/filesystems/porting @@ -606,3 +606,10 @@ in your dentry operations instead. dentry separately, and it now has request_mask and query_flags arguments to specify the fields and sync type requested by statx. Filesystems not supporting any statx-specific features may ignore the new arguments. +-- +[mandatory] + + [should've been added in 2016] stale comment in finish_open() + nonwithstanding, failure exits in ->atomic_open() instances should + *NOT* fput() the file, no matter what. Everything is handled by the + caller. --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c @@ -562,7 +562,6 @@ cifs_atomic_open(struct inode *inode, st if (server->ops->close) server->ops->close(xid, tcon, &fid); cifs_del_pending_open(&open); - fput(file); rc = -ENOMEM; } --- a/fs/open.c +++ b/fs/open.c @@ -824,9 +824,6 @@ cleanup_file: * the return value of d_splice_alias(), then the caller needs to perform dput() * on it after finish_open(). * - * On successful return @file is a fully instantiated open file. After this, if - * an error occurs in ->atomic_open(), it needs to clean up with fput(). - * * Returns zero on success or -errno if the open failed. */ int finish_open(struct file *file, struct dentry *dentry,