Commit 26562449 authored by Al Viro's avatar Al Viro

Fix double-free in logfs

iput() is needed *until* we'd done successful d_alloc_root()
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent d83c49f3
...@@ -333,27 +333,27 @@ static int logfs_get_sb_final(struct super_block *sb, struct vfsmount *mnt) ...@@ -333,27 +333,27 @@ static int logfs_get_sb_final(struct super_block *sb, struct vfsmount *mnt)
goto fail; goto fail;
sb->s_root = d_alloc_root(rootdir); sb->s_root = d_alloc_root(rootdir);
if (!sb->s_root) if (!sb->s_root) {
goto fail2; iput(rootdir);
goto fail;
}
super->s_erase_page = alloc_pages(GFP_KERNEL, 0); super->s_erase_page = alloc_pages(GFP_KERNEL, 0);
if (!super->s_erase_page) if (!super->s_erase_page)
goto fail2; goto fail;
memset(page_address(super->s_erase_page), 0xFF, PAGE_SIZE); memset(page_address(super->s_erase_page), 0xFF, PAGE_SIZE);
/* FIXME: check for read-only mounts */ /* FIXME: check for read-only mounts */
err = logfs_make_writeable(sb); err = logfs_make_writeable(sb);
if (err) if (err)
goto fail3; goto fail1;
log_super("LogFS: Finished mounting\n"); log_super("LogFS: Finished mounting\n");
simple_set_mnt(mnt, sb); simple_set_mnt(mnt, sb);
return 0; return 0;
fail3: fail1:
__free_page(super->s_erase_page); __free_page(super->s_erase_page);
fail2:
iput(rootdir);
fail: fail:
iput(logfs_super(sb)->s_master_inode); iput(logfs_super(sb)->s_master_inode);
return -EIO; return -EIO;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment