On Thu, Mar 10, 2011 at 05:03:15PM -0600, Eric Sandeen wrote:
> Per kernel.org bugzilla #30872 we may call kfree on uninitialized
> members of the s_group_info array. We can avoid this by kzalloc'ing
> the array, and only freeing them on the error path if they are
> non-zero.
>
> This doesn't entirely solve the oops on mount if we fail down this
> path; failed_mount4: frees the sbi, for one, which gets referenced
> later in the failed mount paths - I haven't worked that out yet.
>
> Reported-by: Eugene A. Shatokhin <dame_eugene@xxxxxxx>
> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>

Added to the ext4 patch tree, although I've dropped the second patch
hunk, since it's OK to call kfree on a NULL pointer:

> @@ -2412,7 +2412,8 @@ err_freebuddy:
> kmem_cache_free(cachep, ext4_get_group_info(sb, i));
> i = num_meta_group_infos;
> while (i-- > 0)
> - kfree(sbi->s_group_info[i]);
> + if (sbi->s_group_info[i])
> + kfree(sbi->s_group_info[i]);
> iput(sbi->s_buddy_cache);
> err_freesgi:
> kfree(sbi->s_group_info);

- Ted
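
Review bot: In the err_freebuddy loop, the added `if (sbi->s_group_info[i])` guard gives no protection by itself: kfree() already ignores NULL, and if the array is not zero-initialized the test reads the same uninitialized pointer that the kfree would have used. The fix therefore rests on the array being allocated with kzalloc, as the commit message describes, so this hunk can be dropped and the loop left as `kfree(sbi->s_group_info[i]);`. The commit message also says sbi is freed at failed_mount4 and referenced later in the failed mount paths; that remains open after this change and deserves a follow-up.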