From: Dave Hansen
Subject: [PATCH] fix oops in checkpoint/restart error path
Date: Thu, 16 Oct 2008 15:51:28 -0700
Message-ID: <20081016225128.43636F12@kernel>
To: containers
Cc: Dave Hansen
List-Id: containers.vger.kernel.org

The 'ctx' is kzmalloc()'d. So, all its contents are zeroed. It has a list_head, which is walked during cr_ctx_free(). list_for_each() on a non-initialized list_head is bad. Whoops.

Signed-off-by: Dave Hansen

--- linux-2.6.git-dave/checkpoint/sys.c | 1 + 1 file changed, 1 insertion(+) diff -puN checkpoint/sys.c~fix-cr-oops0 checkpoint/sys.c --- linux-2.6.git/checkpoint/sys.c~fix-cr-oops0 2008-10-16 15:48:18.000000000 -0700 +++ linux-2.6.git-dave/checkpoint/sys.c 2008-10-16 15:48:35.000000000 -0700 @@ -179,6 +179,7 @@ struct cr_ctx *cr_ctx_alloc(pid_t pid, i ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) return ERR_PTR(-ENOMEM); + INIT_LIST_HEAD(&ctx->pgarr_list); ctx->file = fget(fd); if (!ctx->file) { diff -L checkpoint/ckpt_mem.h -puN /dev/null /dev/null _
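
Review bot: the new INIT_LIST_HEAD(&ctx->pgarr_list) line in cr_ctx_alloc() needs a comment saying why it must stay ahead of the fget() failure branch. The changelog says cr_ctx_free() walks this list, so the head has to be initialized before any path that can fail; a one-line comment to that effect above the call would keep a later reorder from bringing the oops back. The changelog writes kzmalloc() where the code calls kzalloc(), and the empty trailing "diff -L checkpoint/ckpt_mem.h -puN /dev/null /dev/null" stanza should be dropped before this is applied. It is also worth confirming that no other member of struct cr_ctx needs more than zeroing before cr_ctx_free() can run on a partially set up context.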
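
Why a zeroed list_head is not an empty list, as an added example that is not part of the original patch: a userspace copy of the kernel's list_head layout, with hypothetical names (struct ctx_demo, ctx_demo_alloc, walk) standing in for the checkpoint code. walk() returns -1 at the point where list_for_each() would follow a NULL next pointer.

```c
/* Added example: userspace copy of the kernel's circular list_head.
 * struct ctx_demo and its helpers are hypothetical, not the C/R code. */
#include <stdio.h>
#include <stdlib.h>
struct list_head { struct list_head *next, *prev; };
struct ctx_demo { int fd; struct list_head pgarr_list; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Same termination rule as list_for_each(): stop when the cursor is back at
 * the head. Returns the entry count, or -1 where the kernel loop would
 * dereference a NULL pointer (the oops). */
static int walk(const struct list_head *head)
{
    int n = 0;
    for (const struct list_head *pos = head->next; pos != head; pos = pos->next) {
        if (!pos)
            return -1;
        n++;
    }
    return n;
}

/* Zeroed allocation, like kzalloc(); init_list selects the fixed behaviour. */
static struct ctx_demo *ctx_demo_alloc(int init_list)
{
    struct ctx_demo *ctx = calloc(1, sizeof(*ctx));
    if (ctx && init_list)
        INIT_LIST_HEAD(&ctx->pgarr_list);
    return ctx;
}

int main(void)
{
    struct ctx_demo *bad = ctx_demo_alloc(0), *good = ctx_demo_alloc(1);
    struct list_head node;
    if (!bad || !good) return 1;
    printf("zeroed head: %d, initialized empty: %d\n",
           walk(&bad->pgarr_list), walk(&good->pgarr_list));
    list_add(&node, &good->pgarr_list);
    printf("initialized, one entry: %d\n", walk(&good->pgarr_list));
    free(bad); free(good);
    return 0;
}
```

An empty kernel list is a head whose next and prev point back at itself, which is why zeroing alone leaves the head unusable.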