
Commit a32079ce authored by Jonathan Brassow's avatar Jonathan Brassow Committed by Alasdair G Kergon

dm snapshot: persistent fix dtr cleanup



The persistent exception store destructor does not properly
account for all conditions in which it can be called.  If it
is called after 'ctr' but before 'read_metadata' (e.g. if
something else in 'snapshot_ctr' fails) then it will attempt
to free areas of memory that haven't been allocated yet.

Signed-off-by: default avatarJonathan Brassow <jbrassow@redhat.com>
Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
parent 1e302a92
+15 −5
@@ -162,8 +162,11 @@ static int alloc_area(struct pstore *ps)

static void free_area(struct pstore *ps)
{
	if (ps->area)
		vfree(ps->area);
	ps->area = NULL;

	if (ps->zero_area)
		vfree(ps->zero_area);
	ps->zero_area = NULL;
}
@@ -482,9 +485,16 @@ static void persistent_dtr(struct dm_exception_store *store)
	struct pstore *ps = get_info(store);

	destroy_workqueue(ps->metadata_wq);

	/* Created in read_header */
	if (ps->io_client)
		dm_io_client_destroy(ps->io_client);
	vfree(ps->callbacks);
	free_area(ps);

	/* Allocated in persistent_read_metadata */
	if (ps->callbacks)
		vfree(ps->callbacks);

	kfree(ps);
}

@@ -661,7 +671,7 @@ static int persistent_ctr(struct dm_exception_store *store,
	struct pstore *ps;

	/* allocate the pstore */
	ps = kmalloc(sizeof(*ps), GFP_KERNEL);
	ps = kzalloc(sizeof(*ps), GFP_KERNEL);
	if (!ps)
		return -ENOMEM;
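Review bot: The NULL guards added in persistent_dtr and free_area are only sound because persistent_ctr now allocates with kzalloc, and nothing in the destructor records that dependency. If the allocation is ever changed back, or a new pointer member is set up without zeroing, the early-failure path would again hand uninitialised pointers to vfree(). A comment at the top of the teardown, for example `/* ps is kzalloc'ed in persistent_ctr, so members not yet set up are NULL */`, would keep the invariant visible. As a style point, vfree() accepts NULL, so `if (ps->area)`, `if (ps->zero_area)` and `if (ps->callbacks)` could be dropped, leaving only the `ps->io_client` check, which is presumably needed because dm_io_client_destroy() dereferences its argument. `destroy_workqueue(ps->metadata_wq)` stays unconditional, which assumes the workqueue always exists once ctr has succeeded; that is not visible here, as the bodies of persistent_dtr and persistent_ctr extend outside the hunks.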