The current placement of posix_acl_release() in ovl_set_or_remove_acl()
means it can be called on an error pointer instead of actual acls.
Fix this by moving the posix_acl_release() call after the error handling.
Fixes:
0e641857322f ("ovl: implement set acl method") # mainline only
Reported-by: syzbot+3f6ef1c4586bb6fd1f61@syzkaller.appspotmail.com
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
real_acl = vfs_get_acl(mnt_user_ns(realpath.mnt), realdentry,
acl_name);
revert_creds(old_cred);
- posix_acl_release(real_acl);
if (IS_ERR(real_acl)) {
err = PTR_ERR(real_acl);
goto out_drop_write;
}
+ posix_acl_release(real_acl);
}
if (!upperdentry) {