From: David Howells
CRED: Further fix execve error handling
Further fix [compat_]do_execve() error handling. free_bprm() will release the cred_exec_mutex, but only if bprm->cred is not NULL.
Signed-off-by: David Howells
---
 fs/compat.c | 3 ++-
 fs/exec.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/compat.c b/fs/compat.c
index af24b8a..918f0f2 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1373,7 +1373,7 @@ int compat_do_execve(char * filename,
 file = open_exec(filename);
 retval = PTR_ERR(file);
 if (IS_ERR(file))
- goto out_unlock;
+ goto out_free;
 sched_exec();
@@ -1427,6 +1427,7 @@ out_file:
 allow_write_access(bprm->file);
 fput(bprm->file);
 }
+ goto out_free;
 out_unlock:
 mutex_unlock(¤t->cred_exec_mutex);
diff --git a/fs/exec.c b/fs/exec.c
index 4b31a72..7b71679 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1319,7 +1319,7 @@ int do_execve(char * filename,
 file = open_exec(filename);
 retval = PTR_ERR(file);
 if (IS_ERR(file))
- goto out_unlock;
+ goto out_free;
 sched_exec();
@@ -1376,6 +1376,7 @@ out_file:
 allow_write_access(bprm->file);
 fput(bprm->file);
 }
+ goto out_free;
 out_unlock:
 mutex_unlock(¤t->cred_exec_mutex);
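Review bot: In the `IS_ERR(file)` branch of compat_do_execve() (fs/compat.c, hunk at -1373; do_execve() in fs/exec.c at -1319 has the same change), the new `goto out_free;` relies on free_bprm() to release cred_exec_mutex, which per the commit message only happens when bprm->cred is not NULL. The hunk does not show where bprm->cred is assigned, so the invariant should be recorded at the jump, for example `/* bprm->cred is set by now, so free_bprm() drops cred_exec_mutex */`. Without that, a later reordering of the setup steps could leave the mutex held on this error path with nothing in the code to flag it. The function body starts and ends outside the hunk.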
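Review bot: The `goto out_free;` added after the `out_file:` cleanup (fs/compat.c hunk at -1427, and identically fs/exec.c at -1376) leaves `out_unlock:` reachable only by explicit jumps, while every path that goes through `out_file:` is unlocked implicitly inside free_bprm(). Two release sites for one mutex, chosen by whether bprm->cred is set, are easy to get wrong, so the rule deserves a comment above the label such as `/* only for failures before bprm->cred is set; otherwise free_bprm() unlocks */`. The out_free label and the rest of the function are outside the hunk, so the split described here is inferred from the commit message and not from visible code.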