devpts: fix double-free on mount failure

devpts_kill_sb() is called even if devpts_fill_super() fails; we should not do that kfree() in the latter, especially not with ->s_fs_info left pointing to freed object. Double kfree() is a Bad Thing(tm)... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

devpts: fix double-free on mount failure
devpts_kill_sb() is called even if devpts_fill_super() fails; we should not do that kfree() in the latter, especially not with ->s_fs_info left pointing to freed object. Double kfree() is a Bad Thing(tm)... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3850aba7 · Al Viro · 87da5b32 · 3850aba7
Commit 3850aba7 authored Jan 08, 2012 by Al Viro
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 3 deletions

fs/devpts/inode.c fs/devpts/inode.c +1 -3

No files found.
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -301,7 +301,7 @@ devpts_fill_super(struct super_block *s, void *data, int silent)
 	inode = new_inode(s);
 	if (!inode)
-		goto free_fsi;
+		goto fail;
 	inode->i_ino = 1;
 	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
 	inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
@@ -316,8 +316,6 @@ devpts_fill_super(struct super_block *s, void *data, int silent)
 	printk(KERN_ERR "devpts: get root dentry failed\n");
 	iput(inode);
-free_fsi:
-	kfree(s->s_fs_info);
 fail:
 	return -ENOMEM;
 }