From 7dac2d76047c39a42bc8a30c4a43a50bce761bb0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Tue, 25 Oct 2011 04:14:25 +0200
Subject: [PATCH] 3.0 patches

---
 ...ers-in-hfsplus_fill_super-error-path.patch | 54 +++++++++++++++++++
 queue-3.0/series                              |  1 +
 2 files changed, 55 insertions(+)
 create mode 100644 queue-3.0/hfsplus-fix-kfree-of-wrong-pointers-in-hfsplus_fill_super-error-path.patch

diff --git a/queue-3.0/hfsplus-fix-kfree-of-wrong-pointers-in-hfsplus_fill_super-error-path.patch b/queue-3.0/hfsplus-fix-kfree-of-wrong-pointers-in-hfsplus_fill_super-error-path.patch
new file mode 100644
index 00000000000..6a8b786988b
--- /dev/null
+++ b/queue-3.0/hfsplus-fix-kfree-of-wrong-pointers-in-hfsplus_fill_super-error-path.patch
@@ -0,0 +1,54 @@
+From f588c960fcaa6fa8bf82930bb819c9aca4eb9347 Mon Sep 17 00:00:00 2001
+From: Seth Forshee <seth.forshee@canonical.com>
+Date: Thu, 15 Sep 2011 10:48:27 -0400
+Subject: hfsplus: Fix kfree of wrong pointers in hfsplus_fill_super() error path
+
+From: Seth Forshee <seth.forshee@canonical.com>
+
+commit f588c960fcaa6fa8bf82930bb819c9aca4eb9347 upstream.
+
+Commit 6596528e391a ("hfsplus: ensure bio requests are not smaller than
+the hardware sectors") changed the pointers used for volume header
+allocations but failed to free the correct pointers in the error path
+path of hfsplus_fill_super() and hfsplus_read_wrapper.
+
+The second hunk came from a separate patch by Pavel Ivanov.
+
+Reported-by: Pavel Ivanov <paivanof@gmail.com>
+Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
+Signed-off-by: Christoph Hellwig <hch@tuxera.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/hfsplus/super.c   |    4 ++--
+ fs/hfsplus/wrapper.c |    4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/hfsplus/super.c
++++ b/fs/hfsplus/super.c
+@@ -508,8 +508,8 @@ out_close_cat_tree:
+ out_close_ext_tree:
+ 	hfs_btree_close(sbi->ext_tree);
+ out_free_vhdr:
+-	kfree(sbi->s_vhdr);
+-	kfree(sbi->s_backup_vhdr);
++	kfree(sbi->s_vhdr_buf);
++	kfree(sbi->s_backup_vhdr_buf);
+ out_unload_nls:
+ 	unload_nls(sbi->nls);
+ 	unload_nls(nls);
+--- a/fs/hfsplus/wrapper.c
++++ b/fs/hfsplus/wrapper.c
+@@ -275,9 +275,9 @@ reread:
+ 	return 0;
+ 
+ out_free_backup_vhdr:
+-	kfree(sbi->s_backup_vhdr);
++	kfree(sbi->s_backup_vhdr_buf);
+ out_free_vhdr:
+-	kfree(sbi->s_vhdr);
++	kfree(sbi->s_vhdr_buf);
+ out:
+ 	return error;
+ }
diff --git a/queue-3.0/series b/queue-3.0/series
index f59dcfdce9a..a8e5758fac1 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -26,3 +26,4 @@ x25-prevent-skb-overreads-when-checking-call-user-data.patch
 crypto-ghash-avoid-null-pointer-dereference-if-no-key-is-set.patch
 alsa-hda-conexant-support-for-lenovo-t520-w520.patch
 alsa-hda-add-position_fix-quirk-for-dell-inspiron-1010.patch
+hfsplus-fix-kfree-of-wrong-pointers-in-hfsplus_fill_super-error-path.patch
-- 
2.47.3