f2fs: fix double free of f2fs_sb_info
kill_f2fs_super() is called even if f2fs_fill_super() fails.
f2fs_fill_super() frees the struct f2fs_sb_info, so it must set
sb->s_fs_info to NULL to prevent it from being freed again.
Fixes: 275dca4630
("f2fs: move release of block devices to after kill_block_super()")
Reported-by: <syzbot+8f477ac014ff5b32d81f@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/lkml/0000000000006cb174060ec34502@google.com
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/linux-f2fs-devel/20240113005747.38887-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
parent
38814330fe
commit
c919330dd5
@ -4880,6 +4880,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
|
|||||||
if (sbi->s_chksum_driver)
|
if (sbi->s_chksum_driver)
|
||||||
crypto_free_shash(sbi->s_chksum_driver);
|
crypto_free_shash(sbi->s_chksum_driver);
|
||||||
kfree(sbi);
|
kfree(sbi);
|
||||||
|
sb->s_fs_info = NULL;
|
||||||
|
|
||||||
/* give only one another chance */
|
/* give only one another chance */
|
||||||
if (retry_cnt > 0 && skip_recovery) {
|
if (retry_cnt > 0 && skip_recovery) {
|
||||||
|
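Review bot: The added `sb->s_fs_info = NULL;` after `kfree(sbi);` carries a cross-function invariant that the code itself does not state. Per the commit message, kill_f2fs_super() still runs after f2fs_fill_super() fails and would otherwise free the same pointer a second time. A short comment above the assignment would stop a later cleanup from dropping it as a dead store, for example `/* kill_f2fs_super() runs even on failure; do not leave a dangling sbi for it to free */`. The fix also appears to rely on kill_f2fs_super() tolerating a NULL s_fs_info, which is not visible in this hunk and is worth confirming. f2fs_fill_super's body starts and ends outside the hunk.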