Quoting Li Zefan (lizf@xxxxxxxxxxxxxx): > If cgroup_get_rootdir() failed, free_cg_links() will be called > in the failure path, but tmp_cg_links hasn't been initialized > at that time. > > I should be blamed to introduce this bug in 2.6.26 merge window. > > Signed-off-by: Li Zefan <lizf@xxxxxxxxxxxxxx> Certainly looks right. Acked-by: Serge Hallyn <serue@xxxxxxxxxx> > --- > kernel/cgroup.c | 5 +++-- > 1 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/kernel/cgroup.c b/kernel/cgroup.c > index 8185a0f..330b7ae 100644 > --- a/kernel/cgroup.c > +++ b/kernel/cgroup.c > @@ -1024,7 +1024,7 @@ static int cgroup_get_sb(struct file_system_type *fs_type, > if (ret == -EBUSY) { > mutex_unlock(&cgroup_mutex); > mutex_unlock(&inode->i_mutex); > - goto drop_new_super; > + goto free_cg_links; > } > > /* EBUSY should be the only error here */ > @@ -1073,10 +1073,11 @@ static int cgroup_get_sb(struct file_system_type *fs_type, > > return simple_set_mnt(mnt, sb); > > + free_cg_links: > + free_cg_links(&tmp_cg_links); > drop_new_super: > up_write(&sb->s_umount); > deactivate_super(sb); > - free_cg_links(&tmp_cg_links); > return ret; > } > > -- > 1.5.4.rc3 > > _______________________________________________ > Containers mailing list > Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx > https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers