diff options
author | Li Zefan <lizf@cn.fujitsu.com> | 2008-12-23 13:57:14 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-23 15:58:21 -0800 |
commit | 20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d (patch) | |
tree | 508c0b887653577a2e28dc238c820178593f0f91 /kernel/cgroup.c | |
parent | e368d3a836797ddf193b1ec18c97407a791d2451 (diff) | |
download | lwn-20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d.tar.gz lwn-20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d.zip |
cgroups: avoid accessing uninitialized data in failure path
If cgroup_get_rootdir() failed, free_cg_links() will be called in the
failure path, but tmp_cg_links hasn't been initialized at that time.
I introduced this bug in the 2.6.27 merge window.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/cgroup.c')
-rw-r--r-- | kernel/cgroup.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c index a3415507bd0a..2606d0fb4e54 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -1024,7 +1024,7 @@ static int cgroup_get_sb(struct file_system_type *fs_type, if (ret == -EBUSY) { mutex_unlock(&cgroup_mutex); mutex_unlock(&inode->i_mutex); - goto drop_new_super; + goto free_cg_links; } /* EBUSY should be the only error here */ @@ -1073,10 +1073,11 @@ static int cgroup_get_sb(struct file_system_type *fs_type, return simple_set_mnt(mnt, sb); + free_cg_links: + free_cg_links(&tmp_cg_links); drop_new_super: up_write(&sb->s_umount); deactivate_super(sb); - free_cg_links(&tmp_cg_links); return ret; } |