From: Jan Harkes
Date: Thu, 19 Jul 2007 08:48:41 +0000 (-0700)
Subject: coda: do not grab an uninitialized fd when the open upcall returns an error
X-Git-Tag: v2.6.23-rc1~387
X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=38c2e4370da495813ca93d7cad31ed5090e8c310;p=linux-2.6-omap-h63xx.git
coda: do not grab an uninitialized fd when the open upcall returns an error
When open fails the fd in the response is uninitialized and we ended up taking a reference on the file struct and never released it.
Signed-off-by: Jan Harkes
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
diff --git a/fs/coda/file.c b/fs/coda/file.c
index 99dbe866816..e7d622709c9 100644
--- a/fs/coda/file.c
+++ b/fs/coda/file.c
@@ -143,8 +143,11 @@ int coda_open(struct inode *coda_inode, struct file *coda_file)
 lock_kernel();
 error = venus_open(coda_inode->i_sb, coda_i2f(coda_inode), coda_flags,
- &host_file);
- if (error || !host_file) {
+ &host_file);
+ if (!host_file)
+ error = -EIO;
+
+ if (error) {
 kfree(cfi);
 unlock_kernel();
 return error;
diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c
index 803aacf0d49..09382d47a4e 100644
--- a/fs/coda/psdev.c
+++ b/fs/coda/psdev.c
@@ -195,7 +195,8 @@ static ssize_t coda_psdev_write(struct file *file, const char __user *buf,
 if (req->uc_opcode == CODA_OPEN_BY_FD) {
 struct coda_open_by_fd_out *outp = (struct coda_open_by_fd_out *)req->uc_data;
- outp->fh = fget(outp->fd);
+ if (!outp->oh.result)
+ outp->fh = fget(outp->fd);
 }
 wake_up(&req->uc_sleep);
diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c
index 5faacdb1a47..1651b918219 100644
--- a/fs/coda/upcall.c
+++ b/fs/coda/upcall.c
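Review bot: In the fs/coda/file.c hunk, `if (!host_file) error = -EIO;` runs even when venus_open() has already returned an error, so whenever host_file is NULL the errno from the upcall is replaced by -EIO before `return error`. Because the fs/coda/upcall.c hunk stops writing the out-parameter on failure, that would be every failed open if host_file starts out NULL; its declaration is above the hunk, so this needs confirming (and if it is not initialised, the new test reads an indeterminate pointer). Guarding the fallback keeps the original code for the caller: `if (!error && !host_file) error = -EIO;`. coda_open's body starts and ends outside the hunk.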
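Review bot: In the fs/coda/psdev.c hunk, when `outp->oh.result` is non-zero `outp->fh` is no longer assigned and keeps whatever bytes are already in `req->uc_data`, which this write handler appears to fill from the user buffer `buf` (the copy is outside the hunk). The only reader visible in this commit, venus_open(), skips `fh` on error, but a kernel `struct file *` field that may hold daemon-supplied bytes is fragile for any later reader. Giving it a defined value on both paths removes that dependency: `outp->fh = outp->oh.result ? NULL : fget(outp->fd);`. coda_psdev_write continues outside the hunk.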
@@ -251,12 +251,12 @@ int venus_open(struct super_block *sb, struct CodaFid *fid,
 insize = SIZE(open_by_fd);
 UPARG(CODA_OPEN_BY_FD);
- inp->coda_open.VFid = *fid;
- inp->coda_open.flags = flags;
+ inp->coda_open_by_fd.VFid = *fid;
+ inp->coda_open_by_fd.flags = flags;

- error = coda_upcall(coda_sbp(sb), insize, &outsize, inp);
-
- *fh = outp->coda_open_by_fd.fh;
+ error = coda_upcall(coda_sbp(sb), insize, &outsize, inp);
+ if (!error)
+ *fh = outp->coda_open_by_fd.fh;
 CODA_FREE(inp, insize);
 return error;
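Review bot: With `if (!error) *fh = outp->coda_open_by_fd.fh;` the out-parameter is left untouched on failure, and nothing at this site documents that. A caller that tests the pointer afterwards (coda_open in the fs/coda/file.c hunk checks `!host_file`) then depends on having initialised it itself. Either give `*fh` a defined value on every path, `*fh = error ? NULL : outp->coda_open_by_fd.fh;`, or state the contract in a comment above venus_open, for example `/* *fh is written only on success; callers must initialise it */`. venus_open starts and ends outside the hunk.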