ext4: don't kfree uninitialized s_group_info members
author Eric Sandeen <sandeen@redhat.com>
Tue, 22 Mar 2011 01:25:13 +0000 (21:25 -0400)
committer Theodore Ts'o <tytso@mit.edu>
Tue, 22 Mar 2011 01:25:13 +0000 (21:25 -0400)
We can call kfree on uninitialized members of the s_group_info array
on the error path.  We can avoid this by kzalloc'ing the array.

This doesn't entirely solve the oops on mount if we fail down this
path; failed_mount4: frees the sbi, for one, which gets referenced
later in the failed mount paths - I haven't worked that out yet.

https://bugzilla.kernel.org/show_bug.cgi?id=30872

Reported-by: Eugene A. Shatokhin <dame_eugene@mail.ru>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
fs/ext4/mballoc.c

index 2f6f0dd08fcaf5daafd6a3e6ee41ec719cd6f461..cdc84953f1d416ae533566929a82df0c70d270b3 100644 (file)
@@ -2386,7 +2386,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
        /* An 8TB filesystem with 64-bit pointers requires a 4096 byte
         * kmalloc. A 128kb malloc should suffice for a 256TB filesystem.
         * So a two level scheme suffices for now. */
-       sbi->s_group_info = kmalloc(array_size, GFP_KERNEL);
+       sbi->s_group_info = kzalloc(array_size, GFP_KERNEL);
        if (sbi->s_group_info == NULL) {
                printk(KERN_ERR "EXT4-fs: can't allocate buddy meta group\n");
                return -ENOMEM;
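
Review bot: the kzalloc() call on the changed line introduces an invariant that the comment directly above it does not record. Per the commit message, the error path calls kfree on members of s_group_info, so every slot that was never populated has to be NULL for that to be a no-op, yet the comment only explains the sizing of the two level scheme. Suggest adding a sentence there stating that the array must be zero-filled because the error path frees its members, so that a later change back to kmalloc() or to a different allocator does not silently bring back the free of uninitialized pointers. Since the message also says failed_mount4 still frees the sbi that is referenced later in the failed mount paths, this should be tracked as a partial fix for the bugzilla report, with that path handled in a follow-up.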