nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl

nfs3_set_acl keeps track of the acl it allocated locally to determine if an acl
needs to be released at the end.  This results in a memory leak when the
function allocates an acl as well as a default acl.  Fix by releasing acls
that differ from the acl originally passed into nfs3_set_acl.

Fixes: b7fa0554cf ("[PATCH] NFS: Add support for NFSv3 ACLs")
Reported-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
This commit is contained in:
Andreas Gruenbacher 2020-04-20 15:51:47 +02:00 committed by Trond Myklebust
parent 4d8948c733
commit 7648f939cb

View File

@ -253,37 +253,45 @@ int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl,
int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type) int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type)
{ {
struct posix_acl *alloc = NULL, *dfacl = NULL; struct posix_acl *orig = acl, *dfacl = NULL, *alloc;
int status; int status;
if (S_ISDIR(inode->i_mode)) { if (S_ISDIR(inode->i_mode)) {
switch(type) { switch(type) {
case ACL_TYPE_ACCESS: case ACL_TYPE_ACCESS:
alloc = dfacl = get_acl(inode, ACL_TYPE_DEFAULT); alloc = get_acl(inode, ACL_TYPE_DEFAULT);
if (IS_ERR(alloc)) if (IS_ERR(alloc))
goto fail; goto fail;
dfacl = alloc;
break; break;
case ACL_TYPE_DEFAULT: case ACL_TYPE_DEFAULT:
dfacl = acl; alloc = get_acl(inode, ACL_TYPE_ACCESS);
alloc = acl = get_acl(inode, ACL_TYPE_ACCESS);
if (IS_ERR(alloc)) if (IS_ERR(alloc))
goto fail; goto fail;
dfacl = acl;
acl = alloc;
break; break;
} }
} }
if (acl == NULL) { if (acl == NULL) {
alloc = acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); alloc = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
if (IS_ERR(alloc)) if (IS_ERR(alloc))
goto fail; goto fail;
acl = alloc;
} }
status = __nfs3_proc_setacls(inode, acl, dfacl); status = __nfs3_proc_setacls(inode, acl, dfacl);
posix_acl_release(alloc); out:
if (acl != orig)
posix_acl_release(acl);
if (dfacl != orig)
posix_acl_release(dfacl);
return status; return status;
fail: fail:
return PTR_ERR(alloc); status = PTR_ERR(alloc);
goto out;
} }
const struct xattr_handler *nfs3_xattr_handlers[] = { const struct xattr_handler *nfs3_xattr_handlers[] = {