• Xiyu Yang's avatar
    configfs: fix config_item refcnt leak in configfs_rmdir() · 8aebfffa
    Xiyu Yang authored
    configfs_rmdir() invokes configfs_get_config_item(), which returns a
    reference of the specified config_item object to "parent_item" with
    increased refcnt.
    
    When configfs_rmdir() returns, local variable "parent_item" becomes
    invalid, so the refcount should be decreased to keep refcount balanced.
    
    The reference counting issue happens in one exception handling path of
    configfs_rmdir(). When down_write_killable() fails, the function forgets
    to decrease the refcnt increased by configfs_get_config_item(), causing
    a refcnt leak.
    
    Fix this issue by calling config_item_put() when down_write_killable()
    fails.
    Signed-off-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
    Signed-off-by: default avatarXin Tan <tanxin.ctf@gmail.com>
    Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
    8aebfffa
dir.c 49.7 KB