If fsverity_set_info() fails, we need to call fsverity_free_info(). Fixes: ada3a1a48d5a ("fsverity: use a hashtable to find the fsverity_info") Signed-off-by: Eric Biggers --- fs/verity/enable.c | 4 +++- fs/verity/fsverity_private.h | 1 + fs/verity/open.c | 14 +++++++------- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/fs/verity/enable.c b/fs/verity/enable.c index 94c88c419054c..c9448074cce17 100644 --- a/fs/verity/enable.c +++ b/fs/verity/enable.c @@ -272,12 +272,14 @@ static int enable_verity(struct file *filp, * the fsverity_info always first checks the S_VERITY flag on the inode, * which will only be set at the very end of the ->end_enable_verity * method. */ err = fsverity_set_info(vi); - if (err) + if (err) { + fsverity_free_info(vi); goto rollback; + } /* * Tell the filesystem to finish enabling verity on the file. * Serialized with ->begin_enable_verity() by the inode lock. The file * system needs to set the S_VERITY flag on the inode at the very end of diff --git a/fs/verity/fsverity_private.h b/fs/verity/fsverity_private.h index 4d4a0a560562b..2887cb849ceca 100644 --- a/fs/verity/fsverity_private.h +++ b/fs/verity/fsverity_private.h @@ -128,10 +128,11 @@ int fsverity_init_merkle_tree_params(struct merkle_tree_params *params, struct fsverity_info *fsverity_create_info(struct inode *inode, struct fsverity_descriptor *desc); int fsverity_set_info(struct fsverity_info *vi); +void fsverity_free_info(struct fsverity_info *vi); void fsverity_remove_info(struct fsverity_info *vi); int fsverity_get_descriptor(struct inode *inode, struct fsverity_descriptor **desc_ret); diff --git a/fs/verity/open.c b/fs/verity/open.c index 04b2e05a95d73..dfa0d1afe0feb 100644 --- a/fs/verity/open.c +++ b/fs/verity/open.c @@ -176,17 +176,10 @@ static void compute_file_digest(const struct fsverity_hash_alg *hash_alg, desc->sig_size = 0; fsverity_hash_buffer(hash_alg, desc, sizeof(*desc), file_digest); desc->sig_size = sig_size; } -static void fsverity_free_info(struct fsverity_info *vi) -{ - kfree(vi->tree_params.hashstate); - kvfree(vi->hash_block_verified); - kmem_cache_free(fsverity_info_cachep, vi); -} - /* * Create a new fsverity_info from the given fsverity_descriptor (with optional * appended builtin signature), and check the signature if present. The * fsverity_descriptor must have already undergone basic validation. */ @@ -394,10 +387,17 @@ int __fsverity_file_open(struct inode *inode, struct file *filp) return -EPERM; return ensure_verity_info(inode); } EXPORT_SYMBOL_GPL(__fsverity_file_open); +void fsverity_free_info(struct fsverity_info *vi) +{ + kfree(vi->tree_params.hashstate); + kvfree(vi->hash_block_verified); + kmem_cache_free(fsverity_info_cachep, vi); +} + void fsverity_remove_info(struct fsverity_info *vi) { rhashtable_remove_fast(&fsverity_info_hash, &vi->rhash_head, fsverity_info_hash_params); fsverity_free_info(vi); base-commit: 8866b64d3d59f5c9ac5c1c1e3acc6ebeb730f1c2 -- 2.52.0