sysfs: handle failure path correctly for readdir()
authorMing Lei <ming.lei@canonical.com>
Wed, 20 Mar 2013 15:25:25 +0000 (23:25 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 5 Apr 2013 17:04:16 +0000 (10:04 -0700)
commitcde9833c97c4ad06e569e1f0e7e6b1c84c948aa3
treef3331bd49143517413c85326385409ec45110890
parent01fadbb46b6da196c594ac2266674136cda465a6
sysfs: handle failure path correctly for readdir()

commit e5110f411d2ee35bf8d202ccca2e89c633060dca upstream.

In case of 'if (filp->f_pos ==  0 or 1)' of sysfs_readdir(),
the failure from filldir() isn't handled, and the reference counter
of the sysfs_dirent object pointed by filp->private_data will be
released without clearing filp->private_data, so use after free
bug will be triggered later.

This patch returns immeadiately under the situation for fixing the bug,
and it is reasonable to return from readdir() when filldir() fails.

Reported-by: Dave Jones <davej@redhat.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/sysfs/dir.c