From: Alexander Viro <aviro@redhat.com> Date: Sat, 14 Jan 2006 20:29:55 +0000 (-0500) Subject: [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open X-Git-Url: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6 [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open Fixed the refcounting on failure exits in sys_mq_open() and cleaned the logics up. Rules are actually pretty simple - dentry_open() expects vfsmount and dentry to be pinned down and it either transfers them into created struct file or drops them. Old code had been very confused in that area - if dentry_open() had failed either in do_open() or do_create(), we ended up dentry and mqueue_mnt dropped twice, once by dentry_open() cleanup and then by sys_mq_open(). Fix consists of making the rules for do_create() and do_open() same as for dentry_open() and updating the sys_mq_open() accordingly; that actually leads to more straightforward code and less work on normal path. Signed-off-by: Al Viro <aviro@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
CCing maintainers: ck-sources-2.6: marineam gentoo-sources-2.6: dsd hardened-sources-2.6: kerframil/hardened hppa-sources-2.6: GMSoft mips-sources-2.6: Kumba rsbac-sources-2.6: kang suspend2-sources-2.6: brix xbox-sources-2.6: gimli
Created attachment 77224 [details, diff] fix-double-decrement-in-sys_mq_open.patch Patch. Applies against 2.6.14 and 2.6.15 (not sure about earlier versions).
Created attachment 77226 [details, diff] fix-double-decrement-in-sys_mq_open.patch (inc. git header) Revision. Exactly the same, just added the git header stuff and commit message at the top.
hppa-sources-2.6.15.1_p4 in CVS.
Fixed in gentoo-sources-2.6.15-r2 (genpatches-2.6.15-4) and Linux 2.6.15.2
Fixed in hardened-sources-2.6.15-r5 and genpatches-2.6.14-10.
Fixed in suspend2-sources-2.6.15-r5.
All fixed now, thanks!
