[PATCH] v9fs: fix for access to unitialized variables or freed memory
Latchesar Ionkov [Wed, 8 Mar 2006 05:55:42 +0000 (21:55 -0800)]
Miscellaneous fixes related to accessing uninitialized variables or memory
that was already freed.

Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@ericvh.myip.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/9p/9p.c
fs/9p/trans_fd.c
fs/9p/vfs_inode.c
fs/9p/vfs_super.c

index 1a6d087..f86a28d 100644 (file)
@@ -111,7 +111,6 @@ static void v9fs_t_clunk_cb(void *a, struct v9fs_fcall *tc,
        if (!rc)
                return;
 
-       dprintk(DEBUG_9P, "tcall id %d rcall id %d\n", tc->id, rc->id);
        v9ses = a;
        if (rc->id == RCLUNK)
                v9fs_put_idpool(fid, &v9ses->fidpool);
index 1a28ef9..5b2ce21 100644 (file)
@@ -80,6 +80,7 @@ static int v9fs_fd_send(struct v9fs_transport *trans, void *v, int len)
        if (!trans || trans->status != Connected || !ts)
                return -EIO;
 
+       oldfs = get_fs();
        set_fs(get_ds());
        /* The cast to a user pointer is valid due to the set_fs() */
        ret = vfs_write(ts->out_file, (void __user *)v, len, &ts->out_file->f_pos);
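Review bot: Saving `oldfs` before `set_fs(get_ds())` is only half of the contract, because the matching `set_fs(oldfs)` lies outside this hunk and cannot be confirmed here. Every path that leaves v9fs_fd_send after the `set_fs(get_ds())` call has to restore it, since a task that returns with the kernel segment limit still set has its user-pointer range checks effectively disabled. I would extend the existing comment to say so, e.g. `/* KERNEL_DS is in effect until set_fs(oldfs); do not add a return between here and the restore */`. Only the send path is visible, so it is also worth checking that any other function in trans_fd.c using this set_fs() pattern saves the old limit first.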
index dce729d..3ad8455 100644 (file)
@@ -265,8 +265,7 @@ v9fs_create(struct v9fs_session_info *v9ses, u32 pfid, char *name,
        fid = v9fs_get_idpool(&v9ses->fidpool);
        if (fid < 0) {
                eprintk(KERN_WARNING, "no free fids available\n");
-               err = -ENOSPC;
-               goto error;
+               return -ENOSPC;
        }
 
        err = v9fs_t_walk(v9ses, pfid, fid, NULL, &fcall);
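Review bot: The early `return -ENOSPC` in v9fs_create, and the matching `return ERR_PTR(-ENOSPC)` in the v9fs_clone_walk hunk that follows, bypass the function's `error` label without saying why, so a later cleanup could easily fold them back into `goto error`. The label is outside both hunks, but presumably it releases the fid and frees `fcall`, neither of which is valid when v9fs_get_idpool() fails. A one-line comment above each return would pin that down: `/* no fid and no fcall yet: the error path must not run */`. It would also help to confirm that `fcall` is initialised to NULL at its declaration, so that a failure of the v9fs_t_walk() call right after this check reaches the error path with a defined pointer.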
@@ -313,8 +312,7 @@ v9fs_clone_walk(struct v9fs_session_info *v9ses, u32 fid, struct dentry *dentry)
        nfid = v9fs_get_idpool(&v9ses->fidpool);
        if (nfid < 0) {
                eprintk(KERN_WARNING, "no free fids available\n");
-               err = -ENOSPC;
-               goto error;
+               return ERR_PTR(-ENOSPC);
        }
 
        err = v9fs_t_walk(v9ses, fid, nfid, (char *) dentry->d_name.name,
@@ -612,7 +610,7 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
        int result = 0;
 
        dprintk(DEBUG_VFS, "dir: %p dentry: (%s) %p nameidata: %p\n",
-               dir, dentry->d_iname, dentry, nameidata);
+               dir, dentry->d_name.name, dentry, nameidata);
 
        sb = dir->i_sb;
        v9ses = v9fs_inode2v9ses(dir);
index cdf787e..d05318f 100644 (file)
@@ -156,7 +156,6 @@ static struct super_block *v9fs_get_sb(struct file_system_type
        stat_result = v9fs_t_stat(v9ses, newfid, &fcall);
        if (stat_result < 0) {
                dprintk(DEBUG_ERROR, "stat error\n");
-               kfree(fcall);
                v9fs_t_clunk(v9ses, newfid);
        } else {
                /* Setup the Root Inode */