    cifs: double free on mount failure · 6d686175
    Committed by Al Viro
    if we get to out_super with ->s_root already set (e.g. with
    cifs_get_root() failure), we'll end up with cifs_put_super()
    called and ->mountdata freed twice.  We'll also get cifs_sb
    freed twice and cifs_sb->local_nls dropped twice.  The problem
    is, we can get to out_super both with and without ->s_root,
    which makes ->put_super() a bad place for such work.
    
    Switch to ->kill_sb(), have all that work done there after
    kill_anon_super().  Unlike ->put_super(), ->kill_sb() is
    called by deactivate_locked_super() whether we have ->s_root
    or not.
    Acked-by: Pavel Shilovsky <piastryyy@gmail.com>
    Reviewed-by: Jeff Layton <jlayton@redhat.com>
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
cifsfs.c 32.7 KB
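
The ownership problem described in the commit message above, as an added user-space C model; it is not code from this commit or from the kernel. The struct, the function names and the release counter are hypothetical, and the hand-written cleanup in the old error path is an assumption inferred from "freed twice".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model: counts releases of the per-mount data instead of calling free(). */
struct super {
    void *s_root;                       /* non-NULL once the root is set up */
    int releases;                       /* >1 would be a double free */
    void (*put_super)(struct super *);
    void (*kill_sb)(struct super *);
};

static void release_private(struct super *sb) { sb->releases++; }

/* Stand-in for kill_anon_super(): ->put_super() runs only if ->s_root is set. */
static void model_kill_anon(struct super *sb)
{
    if (sb->s_root && sb->put_super)
        sb->put_super(sb);
    sb->s_root = NULL;
}

/* Before: cleanup lives in ->put_super(). After: it follows kill_anon in ->kill_sb(). */
static void kill_sb_before(struct super *sb) { model_kill_anon(sb); }
static void kill_sb_after(struct super *sb)  { model_kill_anon(sb); release_private(sb); }

/* Simulate a mount that fails and reaches out_super; return the release count. */
int releases_on_failed_mount(bool fixed, bool root_set)
{
    struct super sb = { 0 };
    sb.s_root = root_set ? (void *)&sb : NULL;
    sb.put_super = fixed ? NULL : release_private;
    sb.kill_sb = fixed ? kill_sb_after : kill_sb_before;

    sb.kill_sb(&sb);            /* stand-in for deactivate_locked_super() */
    if (!fixed)
        release_private(&sb);   /* assumed: old error path also cleans up by hand */
    return sb.releases;
}

int main(void)
{
    printf("before, s_root set:   %d\n", releases_on_failed_mount(false, true));
    printf("before, s_root unset: %d\n", releases_on_failed_mount(false, false));
    printf("after,  s_root set:   %d\n", releases_on_failed_mount(true, true));
    printf("after,  s_root unset: %d\n", releases_on_failed_mount(true, false));
    return 0;
}
```

A release count of 2 in the "before, s_root set" case is the double free; with the cleanup tied to the callback that always runs, every failure path releases exactly once.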