提交 f8201abc 编写于 作者: I Ingo Molnar 提交者: Linus Torvalds

ramfs: fix double freeing s_fs_info on failed mount

If ramfs mount fails, s_fs_info will be freed twice in ramfs_fill_super()
and ramfs_kill_sb(), leading to kernel oops.

Consolidate and beautify the code.
Make sure s_fs_info and s_root are in known good states.
Acked-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
上级 4ef4327b
...@@ -221,22 +221,23 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent) ...@@ -221,22 +221,23 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent)
save_mount_options(sb, data); save_mount_options(sb, data);
fsi = kzalloc(sizeof(struct ramfs_fs_info), GFP_KERNEL); fsi = kzalloc(sizeof(struct ramfs_fs_info), GFP_KERNEL);
sb->s_fs_info = fsi;
if (!fsi) { if (!fsi) {
err = -ENOMEM; err = -ENOMEM;
goto fail; goto fail;
} }
sb->s_fs_info = fsi;
err = ramfs_parse_options(data, &fsi->mount_opts); err = ramfs_parse_options(data, &fsi->mount_opts);
if (err) if (err)
goto fail; goto fail;
sb->s_maxbytes = MAX_LFS_FILESIZE; sb->s_maxbytes = MAX_LFS_FILESIZE;
sb->s_blocksize = PAGE_CACHE_SIZE; sb->s_blocksize = PAGE_CACHE_SIZE;
sb->s_blocksize_bits = PAGE_CACHE_SHIFT; sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
sb->s_magic = RAMFS_MAGIC; sb->s_magic = RAMFS_MAGIC;
sb->s_op = &ramfs_ops; sb->s_op = &ramfs_ops;
sb->s_time_gran = 1; sb->s_time_gran = 1;
inode = ramfs_get_inode(sb, S_IFDIR | fsi->mount_opts.mode, 0); inode = ramfs_get_inode(sb, S_IFDIR | fsi->mount_opts.mode, 0);
if (!inode) { if (!inode) {
err = -ENOMEM; err = -ENOMEM;
...@@ -244,14 +245,16 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent) ...@@ -244,14 +245,16 @@ static int ramfs_fill_super(struct super_block * sb, void * data, int silent)
} }
root = d_alloc_root(inode); root = d_alloc_root(inode);
sb->s_root = root;
if (!root) { if (!root) {
err = -ENOMEM; err = -ENOMEM;
goto fail; goto fail;
} }
sb->s_root = root;
return 0; return 0;
fail: fail:
kfree(fsi); kfree(fsi);
sb->s_fs_info = NULL;
iput(inode); iput(inode);
return err; return err;
} }
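Review bot: The `sb->s_fs_info = NULL;` after `kfree(fsi)` at the `fail:` label has no comment explaining why it is there, although it appears to be the line the double-free fix depends on, so a later cleanup could drop it as redundant. The commit message says ramfs_kill_sb() also frees s_fs_info after a failed mount; that function is not shown here, so the line deserves a comment such as `/* ramfs_kill_sb() frees s_fs_info too; clear it so fsi is not freed twice */`. The same label also calls `iput(inode)` on the two paths taken before ramfs_get_inode() runs (the kzalloc and ramfs_parse_options failures). That is only safe if `inode` is initialised to NULL where it is declared, which is above the visible hunk and worth confirming.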
......