Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f8201abc authored by Ingo Molnar's avatar Ingo Molnar Committed by Linus Torvalds
Browse files

ramfs: fix double freeing s_fs_info on failed mount 



If ramfs mount fails, s_fs_info will be freed twice in ramfs_fill_super()
and ramfs_kill_sb(), leading to kernel oops.

Consolidate and beautify the code.
Make sure s_fs_info and s_root are in known good states.

Acked-by: default avatarWu Fengguang <fengguang.wu@intel.com>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 4ef4327b

fs/ramfs/inode.c

+11 −8
Original line number Diff line number Diff line
@@ -221,11 +221,11 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent) 
	save_mount_options(sb, data);



	fsi = kzalloc(sizeof(struct ramfs_fs_info), GFP_KERNEL);

	sb->s_fs_info = fsi;

	if (!fsi) {

		err = -ENOMEM;

		goto fail;

	}

	sb->s_fs_info = fsi;



	err = ramfs_parse_options(data, &fsi->mount_opts);

	if (err)
@@ -237,6 +237,7 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent) 
	sb->s_magic		= RAMFS_MAGIC;

	sb->s_op		= &ramfs_ops;

	sb->s_time_gran		= 1;



	inode = ramfs_get_inode(sb, S_IFDIR | fsi->mount_opts.mode, 0);

	if (!inode) {

		err = -ENOMEM;
@@ -244,14 +245,16 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent) 
	}



	root = d_alloc_root(inode);

	sb->s_root = root;

	if (!root) {

		err = -ENOMEM;

		goto fail;

	}

	sb->s_root = root;



	return 0;

fail:

	kfree(fsi);

	sb->s_fs_info = NULL;

	iput(inode);

	return err;

}