mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 13:53:33 +00:00
btrfs: free btrfs_path before copying fspath to userspace
commit 8cf96b409d upstream.
btrfs_ioctl_ino_to_path() frees the search path after the userspace copy
from the temp buffer @ipath->fspath. Which potentially can lead to a lock
splat warning.
Fix this by freeing the path before we copy it to userspace.
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Anand Jain
Greg Kroah-Hartman
parent
5ed5c9b8b3
commit
fc5c2677b9
1 changed files with 2 additions and 0 deletions
|
|
@ -4232,6 +4232,8 @@ static long btrfs_ioctl_ino_to_path(struct btrfs_root *root, void __user *arg)
|
|||
ipath->fspath->val[i] = rel_ptr;
|
||||
}
|
||||
|
||||
btrfs_free_path(path);
|
||||
path = NULL;
|
||||
ret = copy_to_user((void __user *)(unsigned long)ipa->fspath,
|
||||
ipath->fspath, size);
|
||||
if (ret) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue