ceph: fix inode reference leakage in ceph_get_snapdir()

The ceph_get_inode() will search for or insert a new inode into the
hash for the given vino, and return a reference to it. If new is
non-NULL, its reference is consumed.

We should release the reference when in error handing cases.

Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 7b1e93c..460a4fb 100644 (file)
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -87,13 +87,13 @@ struct inode *ceph_get_snapdir(struct inode *parent)
        if (!S_ISDIR(parent->i_mode)) {
                pr_warn_once("bad snapdir parent type (mode=0%o)\n",
                             parent->i_mode);
-               return ERR_PTR(-ENOTDIR);
+               goto err;
        }
 
        if (!(inode->i_state & I_NEW) && !S_ISDIR(inode->i_mode)) {
                pr_warn_once("bad snapdir inode type (mode=0%o)\n",
                             inode->i_mode);
-               return ERR_PTR(-ENOTDIR);
+               goto err;
        }
 
        inode->i_mode = parent->i_mode;
@@ -113,6 +113,12 @@ struct inode *ceph_get_snapdir(struct inode *parent)
        }
 
        return inode;
+err:
+       if ((inode->i_state & I_NEW))
+               discard_new_inode(inode);
+       else
+               iput(inode);
+       return ERR_PTR(-ENOTDIR);
 }
 
 const struct inode_operations ceph_file_iops = {