From mboxrd@z Thu Jan  1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [PATCH] vfs: Don't leak a path when get_empty_filp in dentry_open
Date: Thu, 16 Jan 2014 16:17:27 -0800
Message-ID: <87eh47v4vc.fsf@xmission.com>
References: <871u07wkwt.fsf@xmission.com>
	<20140116235925.GY10323@ZenIV.linux.org.uk>
Mime-Version: 1.0
Content-Type: text/plain
Cc: linux-fsdevel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org
To: Al Viro <viro@ZenIV.linux.org.uk>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20140116235925.GY10323@ZenIV.linux.org.uk> (Al Viro's message of
	"Thu, 16 Jan 2014 23:59:25 +0000")
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Al Viro <viro@ZenIV.linux.org.uk> writes:

> On Thu, Jan 16, 2014 at 03:45:38PM -0800, Eric W. Biederman wrote:
>> 
>> Normally in dentry_open the passed in path is placed on the new filp
>> removing the caller from needing to worry about it.  In the rare case
>> that we can not allocate a filp the path is not consumed.  None of the
>> callers of dentry_open call path_put in their error handling when
>> dentry_open fails so call path_put for them on error and keep everyone's
>> error handling simple.
>
> You are misreading that code.  _No_ path in dentry_open() drops that
> sucker, no matter whether we succeed or fail.  do_dentry_open() grabs
> an extra reference on success, so those fput() on other failure exits
> just balance that.

Yep you are right.  My mistake.  The weird code flow tricked me.

Eric