securityfs: Drop dentry reference count when mknod fails

lookup_one_len increments dentry reference count which is not decremented
when the create operation fails. This can cause a kernel BUG at
fs/dcache.c:676 at unmount time. Also error code returned when new_inode()
fails was replaced with more appropriate -ENOMEM.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/inode.c b/security/inode.c
index 1c812e8..8c777f0 100644 (file)
--- a/security/inode.c
+++ b/security/inode.c
@@ -86,7 +86,7 @@ static int mknod(struct inode *dir, struct dentry *dentry,
                         int mode, dev_t dev)
 {
        struct inode *inode;
-       int error = -EPERM;
+       int error = -ENOMEM;
 
        if (dentry->d_inode)
                return -EEXIST;
@@ -166,6 +166,8 @@ static int create_by_name(const char *name, mode_t mode,
                        error = mkdir(parent->d_inode, *dentry, mode);
                else
                        error = create(parent->d_inode, *dentry, mode);
+               if (error)
+                       dput(*dentry);
        } else
                error = PTR_ERR(*dentry);
        mutex_unlock(&parent->d_inode->i_mutex);