2005-09-21 01:25:28

by Latchesar Ionkov

[permalink] [raw]
Subject: [PATCH] v9fs-get-sb-cleanup.patch

Signed-off-by: Latchesar Ionkov <[email protected]>

if error occurs while in v9fs_get_sb, some objects are freed twice -- once
in v9fs_get_sb, the second time when v9fs_kill_super is (indirectly
called).

---
commit f3f3a1deaaf88410ab71e9cf806c440d66103fad
tree d2e9deb7d763fc10eba2ef23ff90640f1c21f1f6
parent 0b381cf7efcd34bb6b316baf7ed5d18d402e62f0
author Latchesar Ionkov <[email protected]> Tue, 20 Sep 2005 19:33:39 -0400
committer Latchesar Ionkov <[email protected]> Tue, 20 Sep 2005 19:33:39 -0400

fs/9p/vfs_super.c | 24 +++++++-----------------
1 files changed, 7 insertions(+), 17 deletions(-)

diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
--- a/fs/9p/vfs_super.c
+++ b/fs/9p/vfs_super.c
@@ -129,8 +129,8 @@ static struct super_block *v9fs_get_sb(s

if ((newfid = v9fs_session_init(v9ses, dev_name, data)) < 0) {
dprintk(DEBUG_ERROR, "problem initiating session\n");
- retval = newfid;
- goto free_session;
+ kfree(v9ses);
+ return ERR_PTR(newfid);
}

sb = sget(fs_type, NULL, v9fs_set_super, v9ses);
@@ -150,7 +150,7 @@ static struct super_block *v9fs_get_sb(s

if (!root) {
retval = -ENOMEM;
- goto release_inode;
+ goto put_back_sb;
}

sb->s_root = root;
@@ -159,7 +159,7 @@ static struct super_block *v9fs_get_sb(s
root_fid = v9fs_fid_create(root);
if (root_fid == NULL) {
retval = -ENOMEM;
- goto release_dentry;
+ goto put_back_sb;
}

root_fid->fidopen = 0;
@@ -182,25 +182,15 @@ static struct super_block *v9fs_get_sb(s

if (stat_result < 0) {
retval = stat_result;
- goto release_dentry;
+ goto put_back_sb;
}

return sb;

- release_dentry:
- dput(sb->s_root);
-
- release_inode:
- iput(inode);
-
- put_back_sb:
+put_back_sb:
+ /* deactivate_super calls v9fs_kill_super which will frees the rest */
up_write(&sb->s_umount);
deactivate_super(sb);
- v9fs_session_close(v9ses);
-
- free_session:
- kfree(v9ses);
-
return ERR_PTR(retval);
}


2005-09-21 01:38:29

by Latchesar Ionkov

[permalink] [raw]
Subject: Re: [PATCH] v9fs-get-sb-cleanup.patch

On Wed, Sep 21, 2005 at 02:35:06AM +0100, Al Viro said:
> On Tue, Sep 20, 2005 at 09:25:26PM -0400, Latchesar Ionkov wrote:
> > Signed-off-by: Latchesar Ionkov <[email protected]>
> >
> > if error occurs while in v9fs_get_sb, some objects are freed twice -- once
> > in v9fs_get_sb, the second time when v9fs_kill_super is (indirectly
> > called).
>
> Huh? ->kill_sb() is *NOT* called when ->get_sb() fails.

I guess I wasn't clear. If v9fs ->get_sb fails after it called sget,
->get_sb calls deactivate_super, which calls ->kill_sb().

Thanks,
Lucho

2005-09-21 01:35:07

by Al Viro

[permalink] [raw]
Subject: Re: [PATCH] v9fs-get-sb-cleanup.patch

On Tue, Sep 20, 2005 at 09:25:26PM -0400, Latchesar Ionkov wrote:
> Signed-off-by: Latchesar Ionkov <[email protected]>
>
> if error occurs while in v9fs_get_sb, some objects are freed twice -- once
> in v9fs_get_sb, the second time when v9fs_kill_super is (indirectly
> called).

Huh? ->kill_sb() is *NOT* called when ->get_sb() fails.