cgroups: avoid accessing uninitialized data in failure path

If cgroup_get_rootdir() failed, free_cg_links() will be called in the failure path, but tmp_cg_links hasn't been initialized at that time. I introduced this bug in the 2.6.27 merge window. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: Paul Menage <menage@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Li Zefan <lizf@cn.fujitsu.com> 2008-12-23 16:57:14 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-23 18:58:21 -0500
commit: 20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d (patch)
tree: 508c0b887653577a2e28dc238c820178593f0f91
parent: e368d3a836797ddf193b1ec18c97407a791d2451 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index a3415507bd0a..2606d0fb4e54 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1024,7 +1024,7 @@ static int cgroup_get_sb(struct file_system_type *fs_type,
                if (ret == -EBUSY) {
                        mutex_unlock(&cgroup_mutex);
                        mutex_unlock(&inode->i_mutex);
-                        goto drop_new_super;
+                        goto free_cg_links;
                }
                /* EBUSY should be the only error here */
@@ -1073,10 +1073,11 @@ static int cgroup_get_sb(struct file_system_type *fs_type,
        return simple_set_mnt(mnt, sb);
+ free_cg_links:
+        free_cg_links(&tmp_cg_links);
 drop_new_super:
        up_write(&sb->s_umount);
        deactivate_super(sb);
-        free_cg_links(&tmp_cg_links);
        return ret;
 }
author	Li Zefan <lizf@cn.fujitsu.com>	2008-12-23 16:57:14 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-23 18:58:21 -0500
commit	20ca9b3f4c6dfa0af8dd5b18a64df17eb994b54d (patch)
tree	508c0b887653577a2e28dc238c820178593f0f91
parent	e368d3a836797ddf193b1ec18c97407a791d2451 (diff)