Commit f324e4cb authored by David Woodhouse's avatar David Woodhouse

jffs2: Fix in-core inode leaks on error paths

Pointed out by Al Viro.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 5869d2c3
...@@ -360,8 +360,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char ...@@ -360,8 +360,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
/* Eeek. Wave bye bye */ /* Eeek. Wave bye bye */
mutex_unlock(&f->sem); mutex_unlock(&f->sem);
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = PTR_ERR(fn);
return PTR_ERR(fn); goto fail;
} }
/* We use f->target field to store the target path. */ /* We use f->target field to store the target path. */
...@@ -370,8 +370,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char ...@@ -370,8 +370,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
printk(KERN_WARNING "Can't allocate %d bytes of memory\n", targetlen + 1); printk(KERN_WARNING "Can't allocate %d bytes of memory\n", targetlen + 1);
mutex_unlock(&f->sem); mutex_unlock(&f->sem);
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = -ENOMEM;
return -ENOMEM; goto fail;
} }
memcpy(f->target, target, targetlen + 1); memcpy(f->target, target, targetlen + 1);
...@@ -386,30 +386,24 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char ...@@ -386,30 +386,24 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
ret = jffs2_init_security(inode, dir_i); ret = jffs2_init_security(inode, dir_i);
if (ret) { if (ret)
jffs2_clear_inode(inode); goto fail;
return ret;
}
ret = jffs2_init_acl_post(inode); ret = jffs2_init_acl_post(inode);
if (ret) { if (ret)
jffs2_clear_inode(inode); goto fail;
return ret;
}
ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen, ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
if (ret) { if (ret)
/* Eep. */ goto fail;
jffs2_clear_inode(inode);
return ret;
}
rd = jffs2_alloc_raw_dirent(); rd = jffs2_alloc_raw_dirent();
if (!rd) { if (!rd) {
/* Argh. Now we treat it like a normal delete */ /* Argh. Now we treat it like a normal delete */
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = -ENOMEM;
return -ENOMEM; goto fail;
} }
dir_f = JFFS2_INODE_INFO(dir_i); dir_f = JFFS2_INODE_INFO(dir_i);
...@@ -437,8 +431,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char ...@@ -437,8 +431,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_free_raw_dirent(rd); jffs2_free_raw_dirent(rd);
mutex_unlock(&dir_f->sem); mutex_unlock(&dir_f->sem);
jffs2_clear_inode(inode); ret = PTR_ERR(fd);
return PTR_ERR(fd); goto fail;
} }
dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(rd->mctime)); dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(rd->mctime));
...@@ -454,6 +448,11 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char ...@@ -454,6 +448,11 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
d_instantiate(dentry, inode); d_instantiate(dentry, inode);
return 0; return 0;
fail:
make_bad_inode(inode);
iput(inode);
return ret;
} }
...@@ -519,8 +518,8 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) ...@@ -519,8 +518,8 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
/* Eeek. Wave bye bye */ /* Eeek. Wave bye bye */
mutex_unlock(&f->sem); mutex_unlock(&f->sem);
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = PTR_ERR(fn);
return PTR_ERR(fn); goto fail;
} }
/* No data here. Only a metadata node, which will be /* No data here. Only a metadata node, which will be
obsoleted by the first data write obsoleted by the first data write
...@@ -531,30 +530,24 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) ...@@ -531,30 +530,24 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
ret = jffs2_init_security(inode, dir_i); ret = jffs2_init_security(inode, dir_i);
if (ret) { if (ret)
jffs2_clear_inode(inode); goto fail;
return ret;
}
ret = jffs2_init_acl_post(inode); ret = jffs2_init_acl_post(inode);
if (ret) { if (ret)
jffs2_clear_inode(inode); goto fail;
return ret;
}
ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen, ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
if (ret) { if (ret)
/* Eep. */ goto fail;
jffs2_clear_inode(inode);
return ret;
}
rd = jffs2_alloc_raw_dirent(); rd = jffs2_alloc_raw_dirent();
if (!rd) { if (!rd) {
/* Argh. Now we treat it like a normal delete */ /* Argh. Now we treat it like a normal delete */
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = -ENOMEM;
return -ENOMEM; goto fail;
} }
dir_f = JFFS2_INODE_INFO(dir_i); dir_f = JFFS2_INODE_INFO(dir_i);
...@@ -582,8 +575,8 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) ...@@ -582,8 +575,8 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_free_raw_dirent(rd); jffs2_free_raw_dirent(rd);
mutex_unlock(&dir_f->sem); mutex_unlock(&dir_f->sem);
jffs2_clear_inode(inode); ret = PTR_ERR(fd);
return PTR_ERR(fd); goto fail;
} }
dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(rd->mctime)); dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(rd->mctime));
...@@ -600,6 +593,11 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode) ...@@ -600,6 +593,11 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
d_instantiate(dentry, inode); d_instantiate(dentry, inode);
return 0; return 0;
fail:
make_bad_inode(inode);
iput(inode);
return ret;
} }
static int jffs2_rmdir (struct inode *dir_i, struct dentry *dentry) static int jffs2_rmdir (struct inode *dir_i, struct dentry *dentry)
...@@ -693,8 +691,8 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de ...@@ -693,8 +691,8 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
/* Eeek. Wave bye bye */ /* Eeek. Wave bye bye */
mutex_unlock(&f->sem); mutex_unlock(&f->sem);
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = PTR_ERR(fn);
return PTR_ERR(fn); goto fail;
} }
/* No data here. Only a metadata node, which will be /* No data here. Only a metadata node, which will be
obsoleted by the first data write obsoleted by the first data write
...@@ -705,30 +703,24 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de ...@@ -705,30 +703,24 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
ret = jffs2_init_security(inode, dir_i); ret = jffs2_init_security(inode, dir_i);
if (ret) { if (ret)
jffs2_clear_inode(inode); goto fail;
return ret;
}
ret = jffs2_init_acl_post(inode); ret = jffs2_init_acl_post(inode);
if (ret) { if (ret)
jffs2_clear_inode(inode); goto fail;
return ret;
}
ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen, ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
if (ret) { if (ret)
/* Eep. */ goto fail;
jffs2_clear_inode(inode);
return ret;
}
rd = jffs2_alloc_raw_dirent(); rd = jffs2_alloc_raw_dirent();
if (!rd) { if (!rd) {
/* Argh. Now we treat it like a normal delete */ /* Argh. Now we treat it like a normal delete */
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_clear_inode(inode); ret = -ENOMEM;
return -ENOMEM; goto fail;
} }
dir_f = JFFS2_INODE_INFO(dir_i); dir_f = JFFS2_INODE_INFO(dir_i);
...@@ -759,8 +751,8 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de ...@@ -759,8 +751,8 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
jffs2_complete_reservation(c); jffs2_complete_reservation(c);
jffs2_free_raw_dirent(rd); jffs2_free_raw_dirent(rd);
mutex_unlock(&dir_f->sem); mutex_unlock(&dir_f->sem);
jffs2_clear_inode(inode); ret = PTR_ERR(fd);
return PTR_ERR(fd); goto fail;
} }
dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(rd->mctime)); dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(rd->mctime));
...@@ -777,6 +769,11 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de ...@@ -777,6 +769,11 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
d_instantiate(dentry, inode); d_instantiate(dentry, inode);
return 0; return 0;
fail:
make_bad_inode(inode);
iput(inode);
return ret;
} }
static int jffs2_rename (struct inode *old_dir_i, struct dentry *old_dentry, static int jffs2_rename (struct inode *old_dir_i, struct dentry *old_dentry,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment