[PATCH] jfs: Fix early release of acl in jfs_get_acl

[PATCH] jfs: Fix early release of acl in jfs_get_acl

[Stefan Bader]

[-- Attachment #1: Type: text/plain, Size: 757 bytes --]

Commit 073aaa1b142461d91f83da66db1184d7c1b1edea "helpers for acl
caching + switch to those" introduced new helper functions for
acl handling but seems to have introduced a regression for jfs as the
acl is released before returning it to the caller, instead of
leaving this for the caller to do.
This causes the acl object to be used after freeing it, leading
to kernel panics in completely different places.

Thanks to Christophe Dumez for reporting and bisecting into this.

Reported-by: Christophe Dumez <dchris@gmail.com>
Tested-by: Christophe Dumez <dchris@gmail.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
---
  fs/jfs/acl.c |    4 +---
  1 files changed, 1 insertions(+), 3 deletions(-)


[-- Attachment #2: 0001-jfs-Fix-early-release-of-acl-in-jfs_get_acl.patch --]
[-- Type: text/x-diff, Size: 1433 bytes --]

>From a345a80ca7a926c9c6e322a1e8add4817c834d0f Mon Sep 17 00:00:00 2001
From: Stefan Bader <stefan.bader@canonical.com>
Date: Thu, 23 Jul 2009 11:26:05 +0200
Subject: [PATCH] jfs: Fix early release of acl in jfs_get_acl

BugLink: http://bugs.launchpad.net/ubuntu/+bug/396780

Commit 073aaa1b142461d91f83da66db1184d7c1b1edea "helpers for acl
caching + switch to those" introduced new helper functions for
acl handling but seems to have introduced a regression for jfs as
the acl is released before returning it to the caller, instead of
leaving this for the caller to do.
This causes the acl object to be used after freeing it, leading
to kernel panics in completely different places.

Thanks to Christophe Dumez for reporting and bisecting into this.

Reported-by: Christophe Dumez <dchris@gmail.com>
Tested-by: Christophe Dumez <dchris@gmail.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
---
 fs/jfs/acl.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c
index f272bf0..3c88d1b 100644
--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -67,10 +67,8 @@ static struct posix_acl *jfs_get_acl(struct inode *inode, int type)
 		acl = posix_acl_from_xattr(value, size);
 	}
 	kfree(value);
-	if (!IS_ERR(acl)) {
+	if (!IS_ERR(acl))
 		set_cached_acl(inode, type, acl);
-		posix_acl_release(acl);
-	}
 	return acl;
 }
 
-- 
1.5.4.3

Re: [PATCH] jfs: Fix early release of acl in jfs_get_acl

[Dave Kleikamp]

On Thu, 2009-07-23 at 16:45 +0200, Stefan Bader wrote:
> Commit 073aaa1b142461d91f83da66db1184d7c1b1edea "helpers for acl
> caching + switch to those" introduced new helper functions for
> acl handling but seems to have introduced a regression for jfs as the
> acl is released before returning it to the caller, instead of
> leaving this for the caller to do.
> This causes the acl object to be used after freeing it, leading
> to kernel panics in completely different places.

This looks good.  Thanks much!  I'll get it upstream as soon as
possible.

> Thanks to Christophe Dumez for reporting and bisecting into this.
> 
> Reported-by: Christophe Dumez <dchris@gmail.com>
> Tested-by: Christophe Dumez <dchris@gmail.com>
> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
> Acked-by: Andy Whitcroft <apw@canonical.com>
> ---
>   fs/jfs/acl.c |    4 +---
>   1 files changed, 1 insertions(+), 3 deletions(-)

Thanks,
Shaggy
-- 
David Kleikamp
IBM Linux Technology Center