Commit f4c79144 authored by David Howells's avatar David Howells Committed by Linus Torvalds
Browse files

afs: Fix incorrect freeing of the ACL passed to the YFS ACL store op 



The cleanup for the yfs_store_opaque_acl2_operation calls the wrong
function to destroy the ACL content buffer.  It's an afs_acl struct, not
a yfs_acl struct - and the free function for latter may pass invalid
pointers to kfree().

Fix this by using the afs_acl_put() function.  The yfs_acl_put()
function is then no longer used and can be removed.

	general protection fault, probably for non-canonical address 0x7ebde00000000: 0000 [#1] SMP PTI
	...
	RIP: 0010:compound_head+0x0/0x11
	...
	Call Trace:
	 virt_to_cache+0x8/0x51
	 kfree+0x5d/0x79
	 yfs_free_opaque_acl+0x16/0x29
	 afs_put_operation+0x60/0x114
	 __vfs_setxattr+0x67/0x72
	 __vfs_setxattr_noperm+0x66/0xe9
	 vfs_setxattr+0x67/0xce
	 setxattr+0x14e/0x184
	 __do_sys_fsetxattr+0x66/0x8f
	 do_syscall_64+0x2d/0x3a
	 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fixes: e49c7b2f ("afs: Build an abstraction around an "operation" concept")
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c80afa1d

fs/afs/xattr.c

+1 −6
Original line number Diff line number Diff line
@@ -148,11 +148,6 @@ static const struct xattr_handler afs_xattr_afs_acl_handler = { 
	.set    = afs_xattr_set_acl,

};



static void yfs_acl_put(struct afs_operation *op)

{

	yfs_free_opaque_acl(op->yacl);

}



static const struct afs_operation_ops yfs_fetch_opaque_acl_operation = {

	.issue_yfs_rpc	= yfs_fs_fetch_opaque_acl,

	.success	= afs_acl_success,
@@ -246,7 +241,7 @@ error: 
static const struct afs_operation_ops yfs_store_opaque_acl2_operation = {

	.issue_yfs_rpc	= yfs_fs_store_opaque_acl2,

	.success	= afs_acl_success,

	.put		= yfs_acl_put,

	.put		= afs_acl_put,

};



/*

CRA Git | Maintained and supported by SUSTech CRA and CCSE