From: Davidlohr Bueso on 21 Jun 2010 06:00

Hi,

In ramfs_fill_super(), if fsi's memory allocation fails, it will go to 'fail', which immediately tries to free the variable, potentially producing an Oops. This patch addresses this issue.

Thanks.

Signed-off-by: Davidlohr Bueso <dave(a)gnu.org>
--- fs/ramfs/inode.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c index a5ebae7..40af7a2 100644 --- a/fs/ramfs/inode.c +++ b/fs/ramfs/inode.c @@ -219,7 +219,7 @@ int ramfs_fill_super(struct super_block *sb, void *data, int silent) sb->s_fs_info = fsi; if (!fsi) { err = -ENOMEM; - goto fail; + goto fail2; } err = ramfs_parse_options(data, &fsi->mount_opts); @@ -247,11 +247,13 @@ int ramfs_fill_super(struct super_block *sb, void *data, int silent) } return 0; -fail: - kfree(fsi); +fail2: sb->s_fs_info = NULL; iput(inode); return err; +fail: + kfree(fsi); + goto fail2; } int ramfs_get_sb(struct file_system_type *fs_type, -- 1.7.0.4
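
Review bot: at `goto fail2` in the `if (!fsi)` branch of the first hunk, the pointer that the old `fail` path freed is NULL, and kfree() on a NULL pointer is a no-op, so the `goto fail` being replaced could not oops in kfree() itself. If the change is kept as a cleanup, the changelog should describe it as one. The new target `fail2` also still runs `iput(inode)` on this path, and the hunk does not show how `inode` is initialized before the allocation, so the description should state that it is NULL at that point.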
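
Review bot: in the second hunk the new `fail:` label sits after `return err;` and reaches the common cleanup through a backward `goto fail2`, which makes the exit path harder to follow. Keep the labels stacked in unwind order, so that `fail:` does `kfree(fsi);` and falls through into `fail2:`, which clears `sb->s_fs_info`, calls `iput(inode)` and returns; that gives the same behaviour without the extra jump. Label names that say what they undo would also read better than `fail` and `fail2`.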