diff options
| author | Eric Biggers <[email protected]> | 2024-01-12 16:57:47 -0800 |
|---|---|---|
| committer | Eric Biggers <[email protected]> | 2024-01-12 18:55:09 -0800 |
| commit | c919330dd57835970b37676d377de3eaaea2c1e9 (patch) | |
| tree | 0371d7b3f567ee9a12a7ec0b4c4c944880c98cbd | |
| parent | 38814330fedd778edffcabe0c8cb462ee365782e (diff) | |
f2fs: fix double free of f2fs_sb_info
kill_f2fs_super() is called even if f2fs_fill_super() fails.
f2fs_fill_super() frees the struct f2fs_sb_info, so it must set
sb->s_fs_info to NULL to prevent it from being freed again.
Fixes: 275dca4630c1 ("f2fs: move release of block devices to after kill_block_super()")
Reported-by: <[email protected]>
Closes: https://lore.kernel.org/lkml/[email protected]
Reviewed-by: Chao Yu <[email protected]>
Link: https://lore.kernel.org/linux-f2fs-devel/[email protected]
Signed-off-by: Eric Biggers <[email protected]>
| -rw-r--r-- | fs/f2fs/super.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index d00d21a8b53a..d45ab0992ae5 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4880,6 +4880,7 @@ free_sbi: if (sbi->s_chksum_driver) crypto_free_shash(sbi->s_chksum_driver); kfree(sbi); + sb->s_fs_info = NULL; /* give only one another chance */ if (retry_cnt > 0 && skip_recovery) { |