The patch titled uml: hostfs: fix double free has been added to the -mm tree. Its filename is uml-hostfs-fix-double-free.patch *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: uml: hostfs: fix double free From: Paolo 'Blaisorblade' Giarrusso <blaisorblade@xxxxxxxx> Fix double free in the error path - when name is assigned into root_inode we do not own it any more and we must not kfree() it - see patch for details. Thanks to William Stearns for the initial report. CC: William Stearns <wstearns@xxxxxxxxx> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@xxxxxxxx> Cc: Jeff Dike <jdike@xxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- fs/hostfs/hostfs_kern.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff -puN fs/hostfs/hostfs_kern.c~uml-hostfs-fix-double-free fs/hostfs/hostfs_kern.c --- a/fs/hostfs/hostfs_kern.c~uml-hostfs-fix-double-free +++ a/fs/hostfs/hostfs_kern.c @@ -966,6 +966,9 @@ static int hostfs_fill_sb_common(struct goto out_put; HOSTFS_I(root_inode)->host_filename = name; + /* Avoid that in the error path, iput(root_inode) frees again name through + * hostfs_destroy_inode! */ + name = NULL; err = -ENOMEM; sb->s_root = d_alloc_root(root_inode); 
@@ -977,7 +980,7 @@ static int hostfs_fill_sb_common(struct /* No iput in this case because the dput does that for us */ dput(sb->s_root); sb->s_root = NULL; - goto out_free; + goto out; } return(0); _ Patches currently in -mm which might be from blaisorblade@xxxxxxxx are origin.patch x86_64-fix-2618-regression-ptrace_oldsetoptions-should-be-accepted.patch uml-hostfs-fix-double-free.patch uml-hostfs-make-hostfs=-option-work-as-a-jail-as-intended.patch uml-fix-a-memory-leak-in-the-multicast-driver.patch uml-remove-dead-code-about-os_usr1_signal-and-os_usr1_process.patch uml-mark-both-consoles-as-con_anytime.patch uml-fix-confusion-irq-early-reenabling.patch uml-activate_fd-return-enomem-only-when-appropriate.patch uml-fix-errno-usage.patch uml-delete-unused-code.patch uml-formatting-fixes.patch uml-host_info-tidying.patch uml-fix-prototypes.patch git-gccbug.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
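Review bot: In the first hunk (@@ -966,6 +966,9 @@), the comment added above `name = NULL;` is hard to parse ("Avoid that in the error path ...") and describes the symptom rather than the rule that prevents it. State the ownership transfer instead, for example `/* root_inode owns name from here on; hostfs_destroy_inode() frees it */`, and use the usual multi-line comment layout if it stays on two lines. It would also help to note that clearing the local pointer is enough only because the kfree() in the error path accepts NULL (kfree(NULL) is a no-op), so that a later reader does not take `name = NULL;` for dead code.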
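Review bot: In the second hunk (@@ -977,7 +980,7 @@), the switch from `goto out_free;` to `goto out;` is not explained by the existing comment, which only says why there is no iput. Extend that comment to say that name is released by the dput as well, through root_inode. Because the first hunk already sets `name = NULL;` before this point, the function now avoids the same double free in two different ways (a cleared pointer and a skipped label); the changelog should say whether both are required or whether one is kept for readability. The `out` label is not visible in this context, so confirm that it exists and performs no further cleanup of name.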