diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2010-04-28 20:57:02 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2010-05-15 07:16:33 -0400 |
commit | 265624495f5acf6077f8f8d264f8170573d8d752 (patch) | |
tree | 76e1b8cce3ac0116ade7df91c0d64471cf7cc03d | |
parent | d83c49f3e36cecd2e8823b6c48ffba083b8a5704 (diff) |
Fix double-free in logfs
iput() is needed *until* we'd done successful d_alloc_root()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/logfs/super.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/fs/logfs/super.c b/fs/logfs/super.c index 5866ee6e132..d7c23ed8349 100644 --- a/fs/logfs/super.c +++ b/fs/logfs/super.c @@ -333,27 +333,27 @@ static int logfs_get_sb_final(struct super_block *sb, struct vfsmount *mnt) goto fail; sb->s_root = d_alloc_root(rootdir); - if (!sb->s_root) - goto fail2; + if (!sb->s_root) { + iput(rootdir); + goto fail; + } super->s_erase_page = alloc_pages(GFP_KERNEL, 0); if (!super->s_erase_page) - goto fail2; + goto fail; memset(page_address(super->s_erase_page), 0xFF, PAGE_SIZE); /* FIXME: check for read-only mounts */ err = logfs_make_writeable(sb); if (err) - goto fail3; + goto fail1; log_super("LogFS: Finished mounting\n"); simple_set_mnt(mnt, sb); return 0; -fail3: +fail1: __free_page(super->s_erase_page); -fail2: - iput(rootdir); fail: iput(logfs_super(sb)->s_master_inode); return -EIO; |