From: Eric Sandeen <sandeen@redhat.com>
To: Chris Wilson <chris@chris-wilson.co.uk>
Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
	"Theodore Ts'o" <tytso@mit.edu>,
	Andreas Dilger <adilger.kernel@dilger.ca>
Subject: Re: [PATCH] ext4: Fix invalid free of cache->name after ext4_mb_init() error
Date: Mon, 24 Jan 2011 10:25:27 -0600
Message-ID: <4D3DA7F7.4010306@redhat.com>
In-Reply-To: <1295876547-6338-1-git-send-email-chris@chris-wilson.co.uk>

On 01/24/2011 07:42 AM, Chris Wilson wrote:
> The name allocated for the kmem_cache was being freed in the error path even
> if that name was still assigned to the newly created cache.

This code still has trouble on the module unload / uninit path;
I sent a more invasive patch to just use static patch names,
see [PATCH] ext4: make grpinfo slab cache names static
from last week.

-Eric

> Cc: "Theodore Ts'o" <tytso@mit.edu>
> Cc: Andreas Dilger <adilger.kernel@dilger.ca>
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> ---
>  fs/ext4/mballoc.c |    5 ++---
>  1 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
> index 851f49b..69b90fe 100644
> --- a/fs/ext4/mballoc.c
> +++ b/fs/ext4/mballoc.c
> @@ -2423,7 +2423,6 @@ int ext4_mb_init(struct super_block *sb, int needs_recovery)
>  	int ret;
>  	int cache_index;
>  	struct kmem_cache *cachep;
> -	char *namep = NULL;
>  
>  	i = (sb->s_blocksize_bits + 2) * sizeof(*sbi->s_mb_offsets);
>  
> @@ -2443,7 +2442,7 @@ int ext4_mb_init(struct super_block *sb, int needs_recovery)
>  	cache_index = sb->s_blocksize_bits - EXT4_MIN_BLOCK_LOG_SIZE;
>  	cachep = ext4_groupinfo_caches[cache_index];
>  	if (!cachep) {
> -		char name[32];
> +		char name[32], *namep;
>  		int len = offsetof(struct ext4_group_info,
>  					bb_counters[sb->s_blocksize_bits + 2]);
>  
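
Review bot: namep is now declared without an initializer in `char name[32], *namep;`, and the lines that assign it sit between this hunk and the next one and are not shown here. Please confirm that every path from this declaration to kmem_cache_create(namep, ...) and to the new kfree(namep) assigns namep first, including the exit taken if allocating the name itself fails; if any path can skip the assignment, keep the `= NULL` initializer.
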
> @@ -2459,6 +2458,7 @@ int ext4_mb_init(struct super_block *sb, int needs_recovery)
>  		cachep = kmem_cache_create(namep, len, 0,
>  					     SLAB_RECLAIM_ACCOUNT, NULL);
>  		if (!cachep) {
> +			kfree(namep);
>  			ret = -ENOMEM;
>  			goto out;
>  		}
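
Review bot: the kfree(namep) added inside `if (!cachep)` covers only a failed kmem_cache_create(); once creation succeeds the cache still holds the namep pointer (per the commit message), and nothing in this patch releases it when the cache is destroyed. A short comment at the kmem_cache_create() call stating that ownership of namep passes to the cache on success, and where it is freed afterwards, would make the lifetime rule explicit; the reply above already points out that the module unload / uninit path still has trouble.
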
> @@ -2520,7 +2520,6 @@ out:
>  	if (ret) {
>  		kfree(sbi->s_mb_offsets);
>  		kfree(sbi->s_mb_maxs);
> -		kfree(namep);
>  	}
>  	return ret;
>  }
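
Review bot: with kfree(namep) dropped from the `if (ret)` block under out:, a nonzero ret raised after kmem_cache_create() succeeded leaves both the new cache and its name allocated, and the visible lines do not show either being released. If the cache is deliberately kept for later calls (for example, looked up again through ext4_groupinfo_caches[cache_index]), say so in the commit message; otherwise the error path needs a teardown that destroys the cache first and frees the name only after that.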

