From 5b52aebef8954cadff29918bb61d7fdc7be07837 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Thu, 3 Nov 2022 08:18:46 +0100 Subject: ovl: call posix_acl_release() after error checking The current placement of posix_acl_release() in ovl_set_or_remove_acl() means it can be called on an error pointer instead of actual acls. Fix this by moving the posix_acl_release() call after the error handling. Fixes: 0e641857322f ("ovl: implement set acl method") # mainline only Reported-by: syzbot+3f6ef1c4586bb6fd1f61@syzkaller.appspotmail.com Signed-off-by: Christian Brauner (Microsoft) --- fs/overlayfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/overlayfs') diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 77a77fd7a77b..ee6dfa577c93 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -621,11 +621,11 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, real_acl = vfs_get_acl(mnt_user_ns(realpath.mnt), realdentry, acl_name); revert_creds(old_cred); - posix_acl_release(real_acl); if (IS_ERR(real_acl)) { err = PTR_ERR(real_acl); goto out_drop_write; } + posix_acl_release(real_acl); } if (!upperdentry) { -- cgit v1.2.3