Commit 5998649f authored by Al Viro's avatar Al Viro

Fix failure exits in bfs_fill_super()

double iput(), leaks...
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 217686e9
...@@ -353,35 +353,35 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -353,35 +353,35 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
struct inode *inode; struct inode *inode;
unsigned i, imap_len; unsigned i, imap_len;
struct bfs_sb_info *info; struct bfs_sb_info *info;
long ret = -EINVAL; int ret = -EINVAL;
unsigned long i_sblock, i_eblock, i_eoff, s_size; unsigned long i_sblock, i_eblock, i_eoff, s_size;
info = kzalloc(sizeof(*info), GFP_KERNEL); info = kzalloc(sizeof(*info), GFP_KERNEL);
if (!info) if (!info)
return -ENOMEM; return -ENOMEM;
mutex_init(&info->bfs_lock);
s->s_fs_info = info; s->s_fs_info = info;
sb_set_blocksize(s, BFS_BSIZE); sb_set_blocksize(s, BFS_BSIZE);
bh = sb_bread(s, 0); info->si_sbh = sb_bread(s, 0);
if(!bh) if (!info->si_sbh)
goto out; goto out;
bfs_sb = (struct bfs_super_block *)bh->b_data; bfs_sb = (struct bfs_super_block *)info->si_sbh->b_data;
if (le32_to_cpu(bfs_sb->s_magic) != BFS_MAGIC) { if (le32_to_cpu(bfs_sb->s_magic) != BFS_MAGIC) {
if (!silent) if (!silent)
printf("No BFS filesystem on %s (magic=%08x)\n", printf("No BFS filesystem on %s (magic=%08x)\n",
s->s_id, le32_to_cpu(bfs_sb->s_magic)); s->s_id, le32_to_cpu(bfs_sb->s_magic));
goto out; goto out1;
} }
if (BFS_UNCLEAN(bfs_sb, s) && !silent) if (BFS_UNCLEAN(bfs_sb, s) && !silent)
printf("%s is unclean, continuing\n", s->s_id); printf("%s is unclean, continuing\n", s->s_id);
s->s_magic = BFS_MAGIC; s->s_magic = BFS_MAGIC;
info->si_sbh = bh;
if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) { if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) {
printf("Superblock is corrupted\n"); printf("Superblock is corrupted\n");
goto out; goto out1;
} }
info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) / info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) /
...@@ -390,7 +390,7 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -390,7 +390,7 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
imap_len = (info->si_lasti / 8) + 1; imap_len = (info->si_lasti / 8) + 1;
info->si_imap = kzalloc(imap_len, GFP_KERNEL); info->si_imap = kzalloc(imap_len, GFP_KERNEL);
if (!info->si_imap) if (!info->si_imap)
goto out; goto out1;
for (i = 0; i < BFS_ROOT_INO; i++) for (i = 0; i < BFS_ROOT_INO; i++)
set_bit(i, info->si_imap); set_bit(i, info->si_imap);
...@@ -398,15 +398,13 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -398,15 +398,13 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
inode = bfs_iget(s, BFS_ROOT_INO); inode = bfs_iget(s, BFS_ROOT_INO);
if (IS_ERR(inode)) { if (IS_ERR(inode)) {
ret = PTR_ERR(inode); ret = PTR_ERR(inode);
kfree(info->si_imap); goto out2;
goto out;
} }
s->s_root = d_alloc_root(inode); s->s_root = d_alloc_root(inode);
if (!s->s_root) { if (!s->s_root) {
iput(inode); iput(inode);
ret = -ENOMEM; ret = -ENOMEM;
kfree(info->si_imap); goto out2;
goto out;
} }
info->si_blocks = (le32_to_cpu(bfs_sb->s_end) + 1) >> BFS_BSIZE_BITS; info->si_blocks = (le32_to_cpu(bfs_sb->s_end) + 1) >> BFS_BSIZE_BITS;
...@@ -419,10 +417,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -419,10 +417,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
bh = sb_bread(s, info->si_blocks - 1); bh = sb_bread(s, info->si_blocks - 1);
if (!bh) { if (!bh) {
printf("Last block not available: %lu\n", info->si_blocks - 1); printf("Last block not available: %lu\n", info->si_blocks - 1);
iput(inode);
ret = -EIO; ret = -EIO;
kfree(info->si_imap); goto out3;
goto out;
} }
brelse(bh); brelse(bh);
...@@ -459,11 +455,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -459,11 +455,8 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
printf("Inode 0x%08x corrupted\n", i); printf("Inode 0x%08x corrupted\n", i);
brelse(bh); brelse(bh);
s->s_root = NULL; ret = -EIO;
kfree(info->si_imap); goto out3;
kfree(info);
s->s_fs_info = NULL;
return -EIO;
} }
if (!di->i_ino) { if (!di->i_ino) {
...@@ -483,11 +476,17 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent) ...@@ -483,11 +476,17 @@ static int bfs_fill_super(struct super_block *s, void *data, int silent)
s->s_dirt = 1; s->s_dirt = 1;
} }
dump_imap("read_super", s); dump_imap("read_super", s);
mutex_init(&info->bfs_lock);
return 0; return 0;
out3:
dput(s->s_root);
s->s_root = NULL;
out2:
kfree(info->si_imap);
out1:
brelse(info->si_sbh);
out: out:
brelse(bh); mutex_destroy(&info->bfs_lock);
kfree(info); kfree(info);
s->s_fs_info = NULL; s->s_fs_info = NULL;
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment