aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-01-13 17:32:40 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2009-04-05 13:48:26 -0400
commit318b6d3d7ddbcad3d6867e630711b8a705d873d7 (patch)
treebdf1d75e26b1dc5ea4db67c6061f444c26eb9799 /kernel
parent6d208da89aabee8502debe842832ca0ab298d16d (diff)
downloadkernel_samsung_smdk4412-318b6d3d7ddbcad3d6867e630711b8a705d873d7.tar.gz
kernel_samsung_smdk4412-318b6d3d7ddbcad3d6867e630711b8a705d873d7.tar.bz2
kernel_samsung_smdk4412-318b6d3d7ddbcad3d6867e630711b8a705d873d7.zip
audit: incorrect ref counting in audit tree tag_chunk
tag_chunk has bad exit paths in which the inotify ref counting is wrong. At the top of the function we found &old_watch using inotify_find_watch(). inotify_find_watch takes a reference to the watch. This is never dropped on an error path. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/audit_tree.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 8ad9545b8db..917ab952556 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -385,6 +385,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
mutex_lock(&inode->inotify_mutex);
if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) {
mutex_unlock(&inode->inotify_mutex);
+ put_inotify_watch(&old->watch);
free_chunk(chunk);
return -ENOSPC;
}
@@ -394,6 +395,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
chunk->dead = 1;
inotify_evict_watch(&chunk->watch);
mutex_unlock(&inode->inotify_mutex);
+ put_inotify_watch(&old->watch);
put_inotify_watch(&chunk->watch);
return 0;
}