3.18-stable review patch. If anyone has any objections, please let me know.
------------------ From: Cong Wang <[email protected]> commit b5c66bab72a6a65edb15beb60b90d3cb84c5763b upstream. posix_acl_update_mode() could possibly clear 'acl', if so we leak the memory pointed by 'acl'. Save this pointer before calling posix_acl_update_mode() and release the memory if 'acl' really gets cleared. Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Cong Wang <[email protected]> Reported-by: Mark Salyzyn <[email protected]> Reviewed-by: Jan Kara <[email protected]> Reviewed-by: Greg Kurz <[email protected]> Cc: Eric Van Hensbergen <[email protected]> Cc: Ron Minnich <[email protected]> Cc: Latchesar Ionkov <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- fs/9p/acl.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/9p/acl.c +++ b/fs/9p/acl.c @@ -321,6 +321,7 @@ static int v9fs_xattr_set_acl(struct den name = POSIX_ACL_XATTR_ACCESS; if (acl) { struct iattr iattr; + struct posix_acl *old_acl = acl; retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl); if (retval) @@ -331,6 +332,7 @@ static int v9fs_xattr_set_acl(struct den * by the mode bits. So don't * update ACL. */ + posix_acl_release(old_acl); value = NULL; size = 0; }
