Commit 20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d
Committed by
Linus Torvalds
Linus Torvalds
1 parent
e368d3a836
cgroups: avoid accessing uninitialized data in failure path
If cgroup_get_rootdir() failed, free_cg_links() will be called in the failure path, but tmp_cg_links hasn't been initialized at that time. I introduced this bug in the 2.6.27 merge window. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Paul Menage <menage@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 3 additions and 2 deletions Side-by-side Diff
kernel/cgroup.c
| ... | ... | @@ -1024,7 +1024,7 @@ |
| 1024 | 1024 | if (ret == -EBUSY) { |
| 1025 | 1025 | mutex_unlock(&cgroup_mutex); |
| 1026 | 1026 | mutex_unlock(&inode->i_mutex); |
| 1027 | - goto drop_new_super; | |
| 1027 | + goto free_cg_links; | |
| 1028 | 1028 | } |
| 1029 | 1029 | |
| 1030 | 1030 | /* EBUSY should be the only error here */ |
| 1031 | 1031 | |
| ... | ... | @@ -1073,10 +1073,11 @@ |
| 1073 | 1073 | |
| 1074 | 1074 | return simple_set_mnt(mnt, sb); |
| 1075 | 1075 | |
| 1076 | + free_cg_links: | |
| 1077 | + free_cg_links(&tmp_cg_links); | |
| 1076 | 1078 | drop_new_super: |
| 1077 | 1079 | up_write(&sb->s_umount); |
| 1078 | 1080 | deactivate_super(sb); |
| 1079 | - free_cg_links(&tmp_cg_links); | |
| 1080 | 1081 | return ret; |
| 1081 | 1082 | } |
| 1082 | 1083 |