Commit 20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d
Committed by
Linus Torvalds
1 parent
e368d3a836
cgroups: avoid accessing uninitialized data in failure path
If cgroup_get_rootdir() failed, free_cg_links() will be called in the failure path, but tmp_cg_links hasn't been initialized at that time. I introduced this bug in the 2.6.27 merge window. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Paul Menage <menage@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 1 changed file with 3 additions and 2 deletions
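--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1024,7 +1024,7 @@
 if (ret == -EBUSY) {
 mutex_unlock(&cgroup_mutex);
 mutex_unlock(&inode->i_mutex);
-goto drop_new_super;
+goto free_cg_links;
 }
 
 /* EBUSY should be the only error here */
@@ -1073,10 +1073,11 @@
 
 return simple_set_mnt(mnt, sb);
 
+free_cg_links:
+free_cg_links(&tmp_cg_links);
 drop_new_super:
 up_write(&sb->s_umount);
 deactivate_super(sb);
-free_cg_links(&tmp_cg_links);
 return ret;
 }
 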
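Review bot: The cleanup at the end of the second hunk is correct only if every jump picks the right label: `free_cg_links:` must be reached only after `tmp_cg_links` has been set up and `drop_new_super:` only before, and nothing in the code enforces that. The declaration of `tmp_cg_links` and the other `goto` sites are outside the hunks shown, so it is worth confirming that no remaining `goto drop_new_super` sits after the links are allocated, since that path would now leak them. Declaring the list as `LIST_HEAD(tmp_cg_links);` would make a free on an unpopulated list harmless (assuming free_cg_links() only walks the list) and would keep an uninitialized stack list head from reaching the free routine if another early exit is added later. Separately, the label `free_cg_links:` has the same name as the function called on the next line; this is legal C, but a distinct name such as `free_links:` would read more clearly.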