From 38c2e4370da495813ca93d7cad31ed5090e8c310 Mon Sep 17 00:00:00 2001 From: Jan Harkes Date: Thu, 19 Jul 2007 01:48:41 -0700 Subject: coda: do not grab an uninitialized fd when the open upcall returns an error When open fails the fd in the response is uninitialized and we ended up taking a reference on the file struct and never released it. Signed-off-by: Jan Harkes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/coda/file.c | 7 +++++-- fs/coda/psdev.c | 3 ++- fs/coda/upcall.c | 10 +++++----- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/fs/coda/file.c b/fs/coda/file.c index 99dbe866816d..e7d622709c90 100644 --- a/fs/coda/file.c +++ b/fs/coda/file.c @@ -143,8 +143,11 @@ int coda_open(struct inode *coda_inode, struct file *coda_file) lock_kernel(); error = venus_open(coda_inode->i_sb, coda_i2f(coda_inode), coda_flags, - &host_file); - if (error || !host_file) { + &host_file); + if (!host_file) + error = -EIO; + + if (error) { kfree(cfi); unlock_kernel(); return error; diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c index 803aacf0d49c..09382d47a4e1 100644 --- a/fs/coda/psdev.c +++ b/fs/coda/psdev.c @@ -195,7 +195,8 @@ static ssize_t coda_psdev_write(struct file *file, const char __user *buf, if (req->uc_opcode == CODA_OPEN_BY_FD) { struct coda_open_by_fd_out *outp = (struct coda_open_by_fd_out *)req->uc_data; - outp->fh = fget(outp->fd); + if (!outp->oh.result) + outp->fh = fget(outp->fd); } wake_up(&req->uc_sleep); diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c index 5faacdb1a479..1651b918219a 100644 --- a/fs/coda/upcall.c +++ b/fs/coda/upcall.c @@ -251,12 +251,12 @@ int venus_open(struct super_block *sb, struct CodaFid *fid, insize = SIZE(open_by_fd); UPARG(CODA_OPEN_BY_FD); - inp->coda_open.VFid = *fid; - inp->coda_open.flags = flags; + inp->coda_open_by_fd.VFid = *fid; + inp->coda_open_by_fd.flags = flags; - error = coda_upcall(coda_sbp(sb), insize, &outsize, inp); - - *fh = outp->coda_open_by_fd.fh; + error = coda_upcall(coda_sbp(sb), insize, &outsize, inp); + if (!error) + *fh = outp->coda_open_by_fd.fh; CODA_FREE(inp, insize); return error; -- cgit v1.2.3