From: Davidlohr Bueso on
Hi,

In ramfs_fill_super(), if the memory allocation for fsi fails, execution jumps to the 'fail' label,
which immediately tries to free the variable, potentially producing an Oops.
This patch addresses this issue.

Thanks.

Signed-off-by: Davidlohr Bueso <dave(a)gnu.org>
---
fs/ramfs/inode.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c
index a5ebae7..40af7a2 100644
--- a/fs/ramfs/inode.c
+++ b/fs/ramfs/inode.c
@@ -219,7 +219,7 @@ int ramfs_fill_super(struct super_block *sb, void *data, int silent)
sb->s_fs_info = fsi;
if (!fsi) {
err = -ENOMEM;
- goto fail;
+ goto fail2;
}

err = ramfs_parse_options(data, &fsi->mount_opts);
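Review bot: The `goto fail2` in the `!fsi` branch skips a `kfree(fsi)` that was already harmless, because kfree() returns without doing anything when passed NULL; the old `goto fail` did not free or dereference invalid memory on this path. The same path still reaches `iput(inode)` at `fail2` before any inode assignment visible in this hunk, so it depends on `inode` being NULL-initialized in a declaration that is outside the hunk. If the new jump is kept, a comment such as `/* nothing allocated yet: only clear s_fs_info */` on the `goto fail2;` line would record why the free is skipped. The body of ramfs_fill_super starts before and continues after this hunk.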
@@ -247,11 +247,13 @@ int ramfs_fill_super(struct super_block *sb, void *data, int silent)
}

return 0;
-fail:
- kfree(fsi);
+fail2:
sb->s_fs_info = NULL;
iput(inode);
return err;
+fail:
+ kfree(fsi);
+ goto fail2;
}

int ramfs_get_sb(struct file_system_type *fs_type,
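Review bot: Placing `fail:` after `return err;` and jumping backwards with `goto fail2;` makes the unwind path harder to audit than the usual fall-through ordering, where labels appear in reverse order of acquisition. The same behaviour is obtained by leaving `fail:` and `kfree(fsi);` where they were and inserting the new label below them: `fail:` / `kfree(fsi);` / `fail2:`, followed by the existing `sb->s_fs_info = NULL;` lines. Descriptive label names (for example `out_free_fsi` and `out_clear_sb`) would also make it clearer which resource each entry point releases. The start of ramfs_fill_super is outside this hunk, so the remaining `goto fail` sites cannot be checked from here.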
--
1.7.0.4



