Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3850aba7 authored by Al Viro's avatar Al Viro
Browse files

devpts: fix double-free on mount failure 



devpts_kill_sb() is called even if devpts_fill_super() fails;
we should not do that kfree() in the latter, especially not
with ->s_fs_info left pointing to freed object.  Double kfree()
is a Bad Thing(tm)...

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 87da5b32

fs/devpts/inode.c

+1 −3
Original line number Diff line number Diff line
@@ -301,7 +301,7 @@ devpts_fill_super(struct super_block *s, void *data, int silent) 


	inode = new_inode(s);

	if (!inode)

		goto free_fsi;

		goto fail;

	inode->i_ino = 1;

	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;

	inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
@@ -316,8 +316,6 @@ devpts_fill_super(struct super_block *s, void *data, int silent) 
	printk(KERN_ERR "devpts: get root dentry failed\n");

	iput(inode);



free_fsi:

	kfree(s->s_fs_info);

fail:

	return -ENOMEM;

}