This is a note to let you know that I've just added the patch titled fs/affs/super.c: bugfix / double free to the 3.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fs-affs-super.c-bugfix-double-free.patch and it can be found in the queue-3.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From d353efd02357a74753cd45f367a2d3d357fd6904 Mon Sep 17 00:00:00 2001 From: Fabian Frederick <fabf@xxxxxxxxx> Date: Tue, 6 May 2014 12:50:11 -0700 Subject: fs/affs/super.c: bugfix / double free From: Fabian Frederick <fabf@xxxxxxxxx> commit d353efd02357a74753cd45f367a2d3d357fd6904 upstream. Commit 842a859db26b ("affs: use ->kill_sb() to simplify ->put_super() and failure exits of ->mount()") adds .kill_sb which frees sbi but doesn't remove sbi free in case of parse_options error causing double free+random crash. Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx> Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/affs/super.c | 2 -- 1 file changed, 2 deletions(-) --- a/fs/affs/super.c +++ b/fs/affs/super.c @@ -336,8 +336,6 @@ static int affs_fill_super(struct super_ &blocksize,&sbi->s_prefix, sbi->s_volume, &mount_flags)) { printk(KERN_ERR "AFFS: Error parsing options\n"); - kfree(sbi->s_prefix); - kfree(sbi); return -EINVAL; } /* N.B. after this point s_prefix must be released */ Patches currently in stable-queue which might be from fabf@xxxxxxxxx are queue-3.14/fs-affs-super.c-bugfix-double-free.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
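Review bot: In the parse_options failure branch, the hunk drops kfree(sbi->s_prefix) together with kfree(sbi), but the changelog only says that .kill_sb frees sbi. Please state in the commit message that .kill_sb also releases s_prefix, and that sbi is already reachable from the superblock when this branch runs. Without that, the patch alone does not show that this exit avoids leaking the prefix string. The context comment right after the branch, "/* N.B. after this point s_prefix must be released */", still reads as if later exits free s_prefix by hand. With cleanup owned by .kill_sb, it should be reworded or dropped so that nobody reintroduces a kfree on an error exit and brings the double free back.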