[Devel] [PATCH RHEL7 COMMIT] ms/rpc_pipefs: fix double-dput()
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Aug 16 16:21:14 MSK 2018
The commit is pushed to "branch-rh7-3.10.0-862.11.6.vz7.71.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.11.6.vz7.71.1
------>
commit 157652ae809bce1f6971c6964700d4fb9b5c6a25
Author: Al Viro <viro at zeniv.linux.org.uk>
Date: Thu Aug 16 16:21:14 2018 +0300
ms/rpc_pipefs: fix double-dput()
ms commit 4a3877c4cedd
if we ever hit rpc_gssd_dummy_depopulate() dentry passed to
it has refcount equal to 1. __rpc_rmpipe() drops it and
dput() done after that hits an already freed dentry.
In scope of https://jira.sw.ru/browse/PSBM-73001
Cc: stable at kernel.org
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
net/sunrpc/rpc_pipe.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index acdc3478d728..62d442aad553 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -1384,6 +1384,7 @@ rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry)
struct dentry *clnt_dir = pipe_dentry->d_parent;
struct dentry *gssd_dir = clnt_dir->d_parent;
+ dget(pipe_dentry);
__rpc_rmpipe(clnt_dir->d_inode, pipe_dentry);
__rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1);
__rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1);
More information about the Devel
mailing list