aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorDavid Rientjes <rientjes@google.com>2012-10-17 23:41:15 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-18 15:35:58 -0400
commit43385846968b082bb6c174e8b17479e5123b8d73 (patch)
treeb485e28471a2f785681679a5ca92b11e27658bdd /fs
parentd63e210ef1546c2e0a725ba804cae5bc38731ad7 (diff)
fs, xattr: fix bug when removing a name not in xattr list
Commit 38f38657444d ("xattr: extract simple_xattr code from tmpfs") moved some code from tmpfs but introduced a subtle bug along the way. If the name passed to simple_xattr_remove() does not exist in the list of xattrs, then it is possible to call kfree(new_xattr) when new_xattr is actually initialized to itself on the stack via uninitialized_var(). This causes a BUG() since the memory was not allocated via the slab allocator and was not bypassed through to the page allocator because it was too large. Initialize the local variable to NULL so the kfree() never takes place. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: David Rientjes <rientjes@google.com> Acked-by: Hugh Dickins <hughd@google.com> Acked-by: Aristeu Rozanski <aris@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/xattr.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xattr.c b/fs/xattr.c
index e164dddb8e96..e21c119f4f99 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -846,7 +846,7 @@ static int __simple_xattr_set(struct simple_xattrs *xattrs, const char *name,
846 const void *value, size_t size, int flags) 846 const void *value, size_t size, int flags)
847{ 847{
848 struct simple_xattr *xattr; 848 struct simple_xattr *xattr;
849 struct simple_xattr *uninitialized_var(new_xattr); 849 struct simple_xattr *new_xattr = NULL;
850 int err = 0; 850 int err = 0;
851 851
852 /* value == NULL means remove */ 852 /* value == NULL means remove */