* [PATCH 0/2] reiserfs: Two small fixes
@ 2019-12-12 10:50 Jan Kara
2019-12-12 10:50 ` Jan Kara
2019-12-12 10:50 ` [PATCH 2/2] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling Jan Kara
0 siblings, 2 replies; 4+ messages in thread
From: Jan Kara @ 2019-12-12 10:50 UTC (permalink / raw)
To: reiserfs-devel; +Cc: linux-fsdevel, Jan Kara
Hello,
these two patches fix two small issues in reiserfs, one of them spotted by
syzbot (which made me look into the code and find the second). If nobody
objects, I'll merge these through my tree.
Honza
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] reiserfs: Fix memory leak of journal device string
2019-12-12 10:50 [PATCH 0/2] reiserfs: Two small fixes Jan Kara
@ 2019-12-12 10:50 ` Jan Kara
2019-12-12 10:50 ` [PATCH 2/2] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling Jan Kara
1 sibling, 0 replies; 4+ messages in thread
From: Jan Kara @ 2019-12-12 10:50 UTC (permalink / raw)
To: reiserfs-devel; +Cc: linux-fsdevel, Jan Kara, stable
When a filesystem is mounted with jdev mount option, we store the
journal device name in an allocated string in superblock. However we
fail to ever free that string. Fix it.
Reported-by: syzbot+1c6756baf4b16b94d2a6@syzkaller.appspotmail.com
Fixes: c3aa077648e1 ("reiserfs: Properly display mount options in /proc/mounts")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/reiserfs/super.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index 3244037b1286..d127af64283e 100644
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -629,6 +629,7 @@ static void reiserfs_put_super(struct super_block *s)
reiserfs_write_unlock(s);
mutex_destroy(&REISERFS_SB(s)->lock);
destroy_workqueue(REISERFS_SB(s)->commit_wq);
+ kfree(REISERFS_SB(s)->s_jdev);
kfree(s->s_fs_info);
s->s_fs_info = NULL;
}
@@ -2240,6 +2241,7 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent)
kfree(qf_names[j]);
}
#endif
+ kfree(sbi->s_jdev);
kfree(sbi);
s->s_fs_info = NULL;
--
2.16.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 1/2] reiserfs: Fix memory leak of journal device string
@ 2019-12-12 10:50 ` Jan Kara
0 siblings, 0 replies; 4+ messages in thread
From: Jan Kara @ 2019-12-12 10:50 UTC (permalink / raw)
To: reiserfs-devel; +Cc: linux-fsdevel, Jan Kara, stable
When a filesystem is mounted with jdev mount option, we store the
journal device name in an allocated string in superblock. However we
fail to ever free that string. Fix it.
Reported-by: syzbot+1c6756baf4b16b94d2a6@syzkaller.appspotmail.com
Fixes: c3aa077648e1 ("reiserfs: Properly display mount options in /proc/mounts")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/reiserfs/super.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index 3244037b1286..d127af64283e 100644
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -629,6 +629,7 @@ static void reiserfs_put_super(struct super_block *s)
reiserfs_write_unlock(s);
mutex_destroy(&REISERFS_SB(s)->lock);
destroy_workqueue(REISERFS_SB(s)->commit_wq);
+ kfree(REISERFS_SB(s)->s_jdev);
kfree(s->s_fs_info);
s->s_fs_info = NULL;
}
@@ -2240,6 +2241,7 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent)
kfree(qf_names[j]);
}
#endif
+ kfree(sbi->s_jdev);
kfree(sbi);
s->s_fs_info = NULL;
--
2.16.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
2019-12-12 10:50 [PATCH 0/2] reiserfs: Two small fixes Jan Kara
2019-12-12 10:50 ` Jan Kara
@ 2019-12-12 10:50 ` Jan Kara
1 sibling, 0 replies; 4+ messages in thread
From: Jan Kara @ 2019-12-12 10:50 UTC (permalink / raw)
To: reiserfs-devel; +Cc: linux-fsdevel, Jan Kara
When we fail to allocate string for journal device name we jump to
'error' label which tries to unlock reiserfs write lock which is not
held. Jump to 'error_unlocked' instead.
Fixes: f32485be8397 ("reiserfs: delay reiserfs lock until journal initialization")
Signed-off-by: Jan Kara <jack@suse.cz>
---
fs/reiserfs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index d127af64283e..a6bce5b1fb1d 100644
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -1948,7 +1948,7 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent)
if (!sbi->s_jdev) {
SWARN(silent, s, "", "Cannot allocate memory for "
"journal device name");
- goto error;
+ goto error_unlocked;
}
}
#ifdef CONFIG_QUOTA
--
2.16.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-12-12 10:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-12 10:50 [PATCH 0/2] reiserfs: Two small fixes Jan Kara
2019-12-12 10:50 ` [PATCH 1/2] reiserfs: Fix memory leak of journal device string Jan Kara
2019-12-12 10:50 ` Jan Kara
2019-12-12 10:50 ` [PATCH 2/2] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling Jan Kara
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.