linux-hardened/fs/efs/symlink.c
Josh Triplett 0aa9e4f147 [PATCH] efs: Remove incorrect unlock_kernel from failure path in efs_symlink_readpage()
If efs_symlink_readpage hits the -ENAMETOOLONG error path, it will call
unlock_kernel without ever having called lock_kernel(); fix this by
creating and jumping to a new label fail_notlocked rather than the fail
label used after calling lock_kernel().

Signed-off-by: Josh Triplett <josh@freedesktop.org>
Cc: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-31 13:28:41 -07:00

59 lines
1.3 KiB
C

/*
* symlink.c
*
* Copyright (c) 1999 Al Smith
*
* Portions derived from work (c) 1995,1996 Christian Vogelgsang.
*/
#include <linux/string.h>
#include <linux/efs_fs.h>
#include <linux/pagemap.h>
#include <linux/buffer_head.h>
#include <linux/smp_lock.h>
static int efs_symlink_readpage(struct file *file, struct page *page)
{
char *link = kmap(page);
struct buffer_head * bh;
struct inode * inode = page->mapping->host;
efs_block_t size = inode->i_size;
int err;
err = -ENAMETOOLONG;
if (size > 2 * EFS_BLOCKSIZE)
goto fail_notlocked;
lock_kernel();
/* read first 512 bytes of link target */
err = -EIO;
bh = sb_bread(inode->i_sb, efs_bmap(inode, 0));
if (!bh)
goto fail;
memcpy(link, bh->b_data, (size > EFS_BLOCKSIZE) ? EFS_BLOCKSIZE : size);
brelse(bh);
if (size > EFS_BLOCKSIZE) {
bh = sb_bread(inode->i_sb, efs_bmap(inode, 1));
if (!bh)
goto fail;
memcpy(link + EFS_BLOCKSIZE, bh->b_data, size - EFS_BLOCKSIZE);
brelse(bh);
}
link[size] = '\0';
unlock_kernel();
SetPageUptodate(page);
kunmap(page);
unlock_page(page);
return 0;
fail:
unlock_kernel();
fail_notlocked:
SetPageError(page);
kunmap(page);
unlock_page(page);
return err;
}
const struct address_space_operations efs_symlink_aops = {
.readpage = efs_symlink_readpage
};