Commit cd9cb405 authored by Eric Biggers's avatar Eric Biggers Committed by Theodore Ts'o

jbd2: don't leak memory if setting up journal fails

In journal_init_common(), if we failed to allocate the j_wbuf array, or
if we failed to create the buffer_head for the journal superblock, we
leaked the memory allocated for the revocation tables.  Fix this.

Cc: stable@vger.kernel.org # 4.9
Fixes: f0c9fd54Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Reviewed-by: default avatarJan Kara <jack@suse.cz>
parent b9cf625d
...@@ -1125,10 +1125,8 @@ static journal_t *journal_init_common(struct block_device *bdev, ...@@ -1125,10 +1125,8 @@ static journal_t *journal_init_common(struct block_device *bdev,
/* Set up a default-sized revoke table for the new mount. */ /* Set up a default-sized revoke table for the new mount. */
err = jbd2_journal_init_revoke(journal, JOURNAL_REVOKE_DEFAULT_HASH); err = jbd2_journal_init_revoke(journal, JOURNAL_REVOKE_DEFAULT_HASH);
if (err) { if (err)
kfree(journal); goto err_cleanup;
return NULL;
}
spin_lock_init(&journal->j_history_lock); spin_lock_init(&journal->j_history_lock);
...@@ -1145,23 +1143,25 @@ static journal_t *journal_init_common(struct block_device *bdev, ...@@ -1145,23 +1143,25 @@ static journal_t *journal_init_common(struct block_device *bdev,
journal->j_wbufsize = n; journal->j_wbufsize = n;
journal->j_wbuf = kmalloc_array(n, sizeof(struct buffer_head *), journal->j_wbuf = kmalloc_array(n, sizeof(struct buffer_head *),
GFP_KERNEL); GFP_KERNEL);
if (!journal->j_wbuf) { if (!journal->j_wbuf)
kfree(journal); goto err_cleanup;
return NULL;
}
bh = getblk_unmovable(journal->j_dev, start, journal->j_blocksize); bh = getblk_unmovable(journal->j_dev, start, journal->j_blocksize);
if (!bh) { if (!bh) {
pr_err("%s: Cannot get buffer for journal superblock\n", pr_err("%s: Cannot get buffer for journal superblock\n",
__func__); __func__);
kfree(journal->j_wbuf); goto err_cleanup;
kfree(journal);
return NULL;
} }
journal->j_sb_buffer = bh; journal->j_sb_buffer = bh;
journal->j_superblock = (journal_superblock_t *)bh->b_data; journal->j_superblock = (journal_superblock_t *)bh->b_data;
return journal; return journal;
err_cleanup:
kfree(journal->j_wbuf);
jbd2_journal_destroy_revoke(journal);
kfree(journal);
return NULL;
} }
/* jbd2_journal_init_dev and jbd2_journal_init_inode: /* jbd2_journal_init_dev and jbd2_journal_init_inode:
......
...@@ -280,6 +280,7 @@ int jbd2_journal_init_revoke(journal_t *journal, int hash_size) ...@@ -280,6 +280,7 @@ int jbd2_journal_init_revoke(journal_t *journal, int hash_size)
fail1: fail1:
jbd2_journal_destroy_revoke_table(journal->j_revoke_table[0]); jbd2_journal_destroy_revoke_table(journal->j_revoke_table[0]);
journal->j_revoke_table[0] = NULL;
fail0: fail0:
return -ENOMEM; return -ENOMEM;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment