From: bugzilla-daemon@bugzilla.kernel.org
Subject: [Bug 30872] Calling kfree() for uninitialized pointer in
ext4_mb_init_backend()
Date: Mon, 14 Mar 2011 14:23:31 GMT
Message-ID: <201103141423.p2EENVBC005287@demeter1.kernel.org>
To: linux-ext4@vger.kernel.org
https://bugzilla.kernel.org/show_bug.cgi?id=30872

Eric Sandeen changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sandeen@redhat.com

--- Comment #2 from Eric Sandeen 2011-03-14 14:23:29 ---
(In reply to comment #1)
...
> > If ext4_mb_add_groupinfo() fails for some reason (e.g. if memory allocation at
> > line 2296 fails), ext4_mb_init_backend() tries to call kfree() for each
> > element in sbi->s_group_info array, including the ones that have not been
> > initialized yet:
> >
> > fs/ext4/mballoc.c:2414:
> > err_freebuddy:
> >    cachep = get_groupinfo_cache(sb->s_blocksize_bits);
> >    while (i-- > 0)
> >        kmem_cache_free(cachep, ext4_get_group_info(sb, i));
> >    i = num_meta_group_infos;
> >    while (i-- > 0)
>
> literally understand, should be
> while (--i >= 0)
>
> Could you try with above?

Hm, that probably is the most direct fix.

I sent a patch here:
http://marc.info/?l=linux-ext4&m=129979820301087&w=2
which initializes all the pointers to NULL and only frees if they are non-NULL,
which may be more foolproof, but might also be overkill.

-Eric
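
The approach described in the message above (set every pointer to NULL up front, free only the non-NULL ones), modelled in user-space C as an added example. It is not the linked patch or kernel code; `struct table`, `alloc_slot`, `table_init` and `table_destroy` are hypothetical names, and `slots[]` only stands in for `sbi->s_group_info[]`.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model (assumption): slots[] stands in for sbi->s_group_info[]. */
struct table {
    void **slots;
    size_t nslots, released;   /* released = slots the error path freed */
};

/* Hypothetical allocator: fails at index fail_at to simulate ENOMEM. */
static void *alloc_slot(size_t idx, size_t fail_at)
{
    return idx == fail_at ? NULL : malloc(64);
}

/* Cleanup walks the whole array but releases only slots that were set. */
void table_destroy(struct table *t)
{
    for (size_t i = 0; i < t->nslots; i++) {
        if (t->slots[i] != NULL) {
            free(t->slots[i]);
            t->released++;
        }
    }
    free(t->slots);
}

/* Returns 0 on success, -1 if the array or any slot cannot be allocated. */
int table_init(struct table *t, size_t nslots, size_t fail_at)
{
    t->nslots = nslots;
    t->released = 0;
    t->slots = calloc(nslots, sizeof(*t->slots)); /* every slot starts NULL */
    if (t->slots == NULL)
        return -1;
    for (size_t i = 0; i < nslots; i++) {
        t->slots[i] = alloc_slot(i, fail_at);
        if (t->slots[i] == NULL) {
            table_destroy(t);  /* safe: untouched slots are still NULL */
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    struct table t;
    int rc = table_init(&t, 8, 3); /* constructed case: slot 3 fails */
    printf("rc=%d released=%zu\n", rc, t.released);
}
```

With the array zero-filled at allocation time, the error path no longer depends on knowing how far initialisation got before the failure.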