From: Michael Halcrow The file_info struct is being released, and then one of its members is referenced from the released memory. This patch cleans up the function and moves the release so that it occurs after the reference. Signed-off-by: Michael Halcrow Signed-off-by: Andrew Morton --- fs/ecryptfs/file.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff -puN fs/ecryptfs/file.c~ecryptfs-file-operations-fix-premature-release-of-file_info-memory fs/ecryptfs/file.c --- devel/fs/ecryptfs/file.c~ecryptfs-file-operations-fix-premature-release-of-file_info-memory 2006-05-30 17:48:13.000000000 -0700 +++ devel-akpm/fs/ecryptfs/file.c 2006-05-30 17:48:13.000000000 -0700 @@ -304,18 +304,15 @@ static int ecryptfs_flush(struct file *f return rc; } -static int ecryptfs_release(struct inode *ecryptfs_inode, struct file *file) +static int ecryptfs_release(struct inode *inode, struct file *file) { - struct file *lower_file; - struct ecryptfs_file_info *file_info; - struct inode *lower_inode; + struct file *lower_file = ecryptfs_file_to_lower(file); + struct ecryptfs_file_info *file_info = ecryptfs_file_to_private(file); + struct inode *lower_inode = ecryptfs_inode_to_lower(inode); - file_info = ecryptfs_file_to_private(file); - kmem_cache_free(ecryptfs_file_info_cache, file_info); - lower_file = ecryptfs_file_to_lower(file); fput(lower_file); - lower_inode = ecryptfs_inode_to_lower(ecryptfs_inode); - ecryptfs_inode->i_blocks = lower_inode->i_blocks; + inode->i_blocks = lower_inode->i_blocks; + kmem_cache_free(ecryptfs_file_info_cache, file_info); return 0; } _