From: David Howells <dhowells@redhat.com>
Date: Tue, 30 Oct 2018 18:53:06 +0000 (+0000)
Subject: vfs: Fix error handling in do_remount()
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=2dcc1f3b7dcb58e6108b5a45a9dcccd6ab5fec19;p=users%2Fwilly%2Flinux.git

vfs: Fix error handling in do_remount()

In do_remount() when we fail to allocate an fs_context object, the code
jumps to the call to put_fs_context(), which then oopses as fc == -ENOMEM.

Fix this by jumping to the return statement after that instead.

Fixes: 37744f3d21f8 ("vfs: Implement a filesystem superblock creation/configuration context")
Reported-by: syzbot+cefb6ac96fc431886ec2@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/fs/namespace.c b/fs/namespace.c
index 7fb265914535..a78b2d1cef08 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2400,7 +2400,7 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
 				FS_CONTEXT_FOR_RECONFIGURE);
 	err = PTR_ERR(fc);
 	if (IS_ERR(fc))
-		goto err_fc;
+		goto err;
 
 	err = parse_monolithic_mount_data(fc, data, data_size);
 	if (err < 0)
@@ -2426,6 +2426,7 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
 	up_write(&sb->s_umount);
 err_fc:
 	put_fs_context(fc);
+err:
 	return err;
 }