hfs: fix memory leak when unmounting

When an HFS filesystem is unmounted, it leaks a 2-page bitmap.  Also,
under extreme memory pressure, it's possible that hfs_releasepage() may
use a tree pointer that has not been initialized, and if so, the release
request should just be rejected.

[[email protected]: free_pages(0) is legal, remove obvious comment]
Signed-off-by: Dave Anderson <[email protected]>
Tested-by: Eugene Teo <[email protected]>
Cc: Roman Zippel <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 9435dda8f1e015c27d20f84c167917b064816316..a1cbff2b4d99066718f9dd0a44c86cd4ec20de48 100644 (file)
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -70,6 +70,10 @@ static int hfs_releasepage(struct page *page, gfp_t mask)
                BUG();
                return 0;
        }
+
+       if (!tree)
+               return 0;
+
        if (tree->node_size >= PAGE_CACHE_SIZE) {
                nidx = page->index >> (tree->node_size_shift - PAGE_CACHE_SHIFT);
                spin_lock(&tree->hash_lock);

diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c
index 36ca2e1a4fa32b82f937fa415f77a92addfdd022..7b6165f25fbefe14cacb5a8be3464d79f20e84a1 100644 (file)
--- a/fs/hfs/mdb.c
+++ b/fs/hfs/mdb.c
@@ -349,6 +349,7 @@ void hfs_mdb_put(struct super_block *sb)
        if (HFS_SB(sb)->nls_disk)
                unload_nls(HFS_SB(sb)->nls_disk);
 
+       free_pages((unsigned long)HFS_SB(sb)->bitmap, PAGE_SIZE < 8192 ? 1 : 0);
        kfree(HFS_SB(sb));
        sb->s_fs_info = NULL;
 }