[Ocfs2-devel] [PATCH] ocfs2: Fix panic on kfree(xattr->name)

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed Mar 19 15:02:33 PDT 2014


Thank you for testing.

Mark and Joel, would you pick up this patch via your tree?

Tariq Saeed wrote:
> The patch works. What is the plan for submitting to mainline?
> Thanks,
> -Tariq
> 
> On 03/19/2014 05:55 AM, Tetsuo Handa wrote:
> > Tariq Saeed wrote:
> >> This commit did not take into account the callers of this function who
> >> assume they need to kfree() the name. It causes panic in ocfs2 on create
> >> file. I am puzzled how this commit got into the tree without changing
> >> the callsites to NOT call kfree anymore. Am I missing something?
> >
> > You are right. It is my mistake. I didn't realize that ocfs2 is calling kfree()
> > on the name field. Would you please test the patch below?
> >
> > Regards.
> > ----------
> > From 3940749700148f58265407987f813b773515661a Mon Sep 17 00:00:00 2001
> > From: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> > Date: Wed, 19 Mar 2014 21:49:21 +0900
> > Subject: [PATCH] ocfs2: Fix panic on kfree(xattr->name)
> >
> > Commit 9548906b 'xattr: Constify ->name member of "struct xattr".' missed that
> > ocfs2 is calling kfree(xattr->name). As a result, kernel panic occurs upon
> > calling kfree(xattr->name) because xattr->name refers to static constant names.
> > This patch removes kfree(xattr->name) from ocfs2_mknod() and ocfs2_symlink().
> >
> > Reported-by: Tariq Saeed <tariq.x.saeed at oracle.com>
> > Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> > Cc: <stable at vger.kernel.org> [3.12+]
> > ---
> >   fs/ocfs2/namei.c |    2 --
> >   1 files changed, 0 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
> > index 3683643..feed025 100644
> > --- a/fs/ocfs2/namei.c
> > +++ b/fs/ocfs2/namei.c
> > @@ -450,7 +450,6 @@ leave:
> >
> >   	brelse(new_fe_bh);
> >   	brelse(parent_fe_bh);
> > -	kfree(si.name);
> >   	kfree(si.value);
> >
> >   	ocfs2_free_dir_lookup_result(&lookup);
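Review bot: The leave: cleanup path now frees si.value but not si.name, and nothing in the code says why the two members are treated differently. A one-line comment above "kfree(si.value);" stating that si.name points at a static constant string and must not be freed, while si.value is allocated and owned by this caller, would keep a later cleanup from adding the kfree() back and reintroducing the panic.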
> > @@ -1855,7 +1854,6 @@ bail:
> >
> >   	brelse(new_fe_bh);
> >   	brelse(parent_fe_bh);
> > -	kfree(si.name);
> >   	kfree(si.value);
> >   	ocfs2_free_dir_lookup_result(&lookup);
> >   	if (inode_ac)
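Review bot: The removed "kfree(si.name);" in the bail: path is the second copy of the same mistake, and the changelog names only ocfs2_mknod() and ocfs2_symlink() without saying whether other users of the name field were checked. Since kfree() takes a const void *, constifying the member produces no compiler diagnostic for a remaining call, so it would be worth stating in the changelog that the tree was searched for other kfree() calls on xattr->name and none were found.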
> >
> 


