gfs2: fix slab corruption during mounting and umounting gfs file system
During mounting and unmounting GFS2 file system, kernel panic happens
due to slab memory corruption. The slab allocator suggests that it is
likely a double free memory corruption. The issue is traced back to
v3.9-rc6 where a patch is submitted to use kzalloc() for storing a
bitmap instead of using a local variable. The intention is to allocate
memory during mounting and to free memory during unmounting. The original
patch misses a code path which has already freed the memory and caused
memory corruption. This patch sets the memory pointer to NULL after
the memory is freed, so that double free memory corruption will not
happen.
gdlm_mount()
'-- set_recover_size() which uses kzalloc()
'-- if dlm does not support ops callbacks then
'--- free_recover_size() which uses kfree()
gdlm_unmount()
'-- free_recover_size() which uses kfree()
The previous patch which introduced the double free issue is
commit 57c7310b8eb9 ("GFS2: use kmalloc for lvb bitmap")
Orabug: 25253085
Orabug: 25791662
Signed-off-by: Thomas Tai <thomas.tai@oracle.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
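Added example, not part of the patch or of the gfs2 code: a small userspace model of the call sequence in the commit message (mount allocates the bitmap, the "no ops callbacks" early exit frees it, unmount frees it again). The struct name lm_state, its fields, and the function names are stand-ins chosen for this example; model_kfree() imitates kfree()'s NULL no-op and the slab debug check that reports a block returned twice, so the double free is counted rather than actually performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

/* Hypothetical stand-in for the DLM lock-space state; the struct and
 * field names are assumptions for this example, not the kernel's own. */
struct lm_state {
    unsigned char *lvb_bits;   /* bitmap allocated during mount */
    bool bits_live;            /* models the slab allocator's bookkeeping */
};

/* Model of kfree(): a NULL pointer is a no-op, like the real kfree().
 * Returns 1 if the same block is handed back a second time, which is
 * what the slab debug code reports as a double free. */
static int model_kfree(struct lm_state *ls)
{
    if (!ls->lvb_bits)
        return 0;              /* kfree(NULL): nothing to do */
    if (!ls->bits_live)
        return 1;              /* block already freed: double free */
    free(ls->lvb_bits);
    ls->bits_live = false;
    return 0;
}

/* Model of set_recover_size(): allocate the zeroed bitmap (kzalloc()). */
static int set_recover_size(struct lm_state *ls, size_t bytes)
{
    ls->lvb_bits = calloc(bytes, 1);
    if (!ls->lvb_bits)
        return -1;
    ls->bits_live = true;
    return 0;
}

/* Before the fix: the pointer is left dangling after kfree(). */
static int free_recover_size_before(struct lm_state *ls)
{
    return model_kfree(ls);
}

/* After the fix: the pointer is cleared, so a later free is a no-op. */
static int free_recover_size_after(struct lm_state *ls)
{
    int rc = model_kfree(ls);
    ls->lvb_bits = NULL;
    return rc;
}

/* Walks the call sequence from the commit message:
 *   gdlm_mount() -> set_recover_size()
 *                -> free_recover_size() if dlm lacks ops callbacks
 *   gdlm_unmount() -> free_recover_size()
 * Returns the number of double frees the allocator model reports,
 * or -1 if the allocation itself failed. */
int run_mount_unmount(bool fixed, bool dlm_lacks_ops)
{
    struct lm_state ls = { NULL, false };
    int (*free_fn)(struct lm_state *) =
        fixed ? free_recover_size_after : free_recover_size_before;
    int double_frees = 0;

    if (set_recover_size(&ls, 64) != 0)
        return -1;
    if (dlm_lacks_ops)
        double_frees += free_fn(&ls);   /* early-exit path in gdlm_mount() */
    double_frees += free_fn(&ls);       /* gdlm_unmount() */
    return double_frees;
}

int main(void)
{
    printf("buggy, dlm lacks ops:  %d double free(s)\n", run_mount_unmount(false, true));
    printf("fixed, dlm lacks ops:  %d double free(s)\n", run_mount_unmount(true, true));
    printf("buggy, dlm has ops:    %d double free(s)\n", run_mount_unmount(false, false));
    printf("fixed, dlm has ops:    %d double free(s)\n", run_mount_unmount(true, false));
    return 0;
}
```

The model shows why the one-line fix is sufficient: without the early-exit path both variants behave identically, and with it only the variant that clears the pointer survives the second free, because kfree(NULL) does nothing.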