diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-08 19:40:27 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-08 20:19:03 -0500 |
commit | 3850aba74873aa47fefe6900b99f42f5e656a6e7 (patch) | |
tree | 24f91e8cf4296a86678553809a935f355ae88de0 | |
parent | 87da5b3264c8514b85c6c6e8ef51b9440eee2030 (diff) | |
download | op-kernel-dev-3850aba74873aa47fefe6900b99f42f5e656a6e7.zip op-kernel-dev-3850aba74873aa47fefe6900b99f42f5e656a6e7.tar.gz |
devpts: fix double-free on mount failure
devpts_kill_sb() is called even if devpts_fill_super() fails;
we should not do that kfree() in the latter, especially not
with ->s_fs_info left pointing to freed object. Double kfree()
is a Bad Thing(tm)...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/devpts/inode.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 79673eb..c4e2a58 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -301,7 +301,7 @@ devpts_fill_super(struct super_block *s, void *data, int silent) inode = new_inode(s); if (!inode) - goto free_fsi; + goto fail; inode->i_ino = 1; inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR; @@ -316,8 +316,6 @@ devpts_fill_super(struct super_block *s, void *data, int silent) printk(KERN_ERR "devpts: get root dentry failed\n"); iput(inode); -free_fsi: - kfree(s->s_fs_info); fail: return -ENOMEM; } |