summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCyrill Gorcunov <gorcunov@gmail.com>2010-07-27 11:56:07 -0400
committerTheodore Ts'o <tytso@mit.edu>2010-07-27 11:56:07 -0400
commitdcc7dae3cb21184a317f10a12250bd8d6f458077 (patch)
tree1f40c22059a9ccbb0ef3ea6fde0e015290db2765
parent0c095c7f113e9fd05913d6e1b2cccbe356be039e (diff)
downloadlinux-3.10-dcc7dae3cb21184a317f10a12250bd8d6f458077.tar.gz
linux-3.10-dcc7dae3cb21184a317f10a12250bd8d6f458077.tar.bz2
linux-3.10-dcc7dae3cb21184a317f10a12250bd8d6f458077.zip
ext4: Fix potential memory leak in ext4_fill_super
Under heavy memory pressure we may hit out of memory situation and as result kstrdup'ed options will not be freed. Fix it. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-rw-r--r--fs/ext4/super.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index ed00c14d708..d573f6c1a4d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2550,7 +2550,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
struct inode *root;
char *cp;
const char *descr;
- int ret = -EINVAL;
+ int ret = -ENOMEM;
int blocksize;
unsigned int db_count;
unsigned int i;
@@ -2561,13 +2561,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
if (!sbi)
- return -ENOMEM;
+ goto out_free_orig;
sbi->s_blockgroup_lock =
kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL);
if (!sbi->s_blockgroup_lock) {
kfree(sbi);
- return -ENOMEM;
+ goto out_free_orig;
}
sb->s_fs_info = sbi;
sbi->s_mount_opt = 0;
@@ -2584,6 +2584,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
for (cp = sb->s_id; (cp = strchr(cp, '/'));)
*cp = '!';
+ ret = -EINVAL;
blocksize = sb_min_blocksize(sb, EXT4_MIN_BLOCK_SIZE);
if (!blocksize) {
ext4_msg(sb, KERN_ERR, "unable to set blocksize");
@@ -3190,6 +3191,7 @@ out_fail:
kfree(sbi->s_blockgroup_lock);
kfree(sbi);
lock_kernel();
+out_free_orig:
kfree(orig_data);
return ret;
}