diff options
author | Al Viro <viro@ZenIV.linux.org.uk> | 2013-11-20 22:16:36 +0000 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-11-20 14:22:14 -0800 |
commit | 2a46eed54a28c1e3de701ca4237ce4f8bebf14c6 (patch) | |
tree | d1bb3671fed7746110175a480b72a543bfd3d271 | |
parent | 82023bb7f75b0052f40d3e74169d191c3e4e6286 (diff) | |
download | linux-2a46eed54a28c1e3de701ca4237ce4f8bebf14c6.tar.bz2 |
Wrong page freed on preallocate_pmds() failure exit
Note that pmds[i] is simply uninitialized at that point...
Granted, it's very hard to hit (you need split page locks *and*
kmalloc(sizeof(spinlock_t), GFP_KERNEL) failing), but the code is
obviously bogus.
Introduced by commit 09ef4939850a ("x86: add missed
pgtable_pmd_page_ctor/dtor calls for preallocated pmds")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | arch/x86/mm/pgtable.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index a7cccb6d7fec..36aa999b2631 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -209,7 +209,7 @@ static int preallocate_pmds(pmd_t *pmds[]) if (!pmd) failed = true; if (pmd && !pgtable_pmd_page_ctor(virt_to_page(pmd))) { - free_page((unsigned long)pmds[i]); + free_page((unsigned long)pmd); pmd = NULL; failed = true; } |