On Tue, Apr 14, 2015 at 11:30:25AM +1000, Stephen Rothwell wrote:
> +static void ext4_put_link(struct dentry *dentry, struct nameidata *nd,
> + void *cookie)
> +{
> + struct page *page = cookie;
> + char *buf = nd_get_link(nd);
> +
> + if (page) {
> + kunmap(page);
> + page_cache_release(page);
> + }
> + if (buf) {
> + nd_set_link(nd, NULL);
> + kfree(buf);
What the hell is that for? ->put_link() has no damn reason to call
nd_set_link(); the whole _point_ of ->put_link() is to free what needs
to be freed when we discard a stack element. And why, in the name of
everything unholy, does it need to keep *any* page mapped?
Look, either nd_get_link() points inside that page (in which case that
kfree() is obviously invalid), or it points at kmalloc'ed buffer. In
which case kfree() is correct, but WTF do you need anything _else_?
Such as mapped pages, etc.
Has anyone reviewed that code?
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
