Re: [f2fs-dev] [PATCH] f2fs: fix double free of f2fs_sb_info


 



On 2024/1/13 8:57, Eric Biggers wrote:
From: Eric Biggers <ebiggers@xxxxxxxxxx>

kill_f2fs_super() is called even if f2fs_fill_super() fails.
f2fs_fill_super() frees the struct f2fs_sb_info, so it must set
sb->s_fs_info to NULL to prevent it from being freed again.

Oh, I missed that case as well during reviewing, my bad.


Fixes: 275dca4630c1 ("f2fs: move release of block devices to after kill_block_super()")
Reported-by: syzbot+8f477ac014ff5b32d81f@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://lore.kernel.org/r/0000000000006cb174060ec34502@xxxxxxxxxx
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Reviewed-by: Chao Yu <chao@xxxxxxxxxx>

Thanks,

---
  fs/f2fs/super.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index d00d21a8b53ad..d45ab0992ae59 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -4873,20 +4873,21 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
  		kfree(F2FS_OPTION(sbi).s_qf_names[i]);
  #endif
  	fscrypt_free_dummy_policy(&F2FS_OPTION(sbi).dummy_enc_policy);
  	kvfree(options);
  free_sb_buf:
  	kfree(raw_super);
  free_sbi:
  	if (sbi->s_chksum_driver)
  		crypto_free_shash(sbi->s_chksum_driver);
  	kfree(sbi);
+	sb->s_fs_info = NULL;
/* give only one another chance */
  	if (retry_cnt > 0 && skip_recovery) {
  		retry_cnt--;
  		shrink_dcache_sb(sb);
  		goto try_onemore;
  	}
  	return err;
  }
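Review bot: the new store `sb->s_fs_info = NULL;` is reached on both exits of this block, the final `return err;` and the retry via `goto try_onemore;`, so the retry path must re-assign sb->s_fs_info to the freshly allocated sbi before anything dereferences it through the superblock; the commit message only discusses the kill_f2fs_super() case, so a sentence confirming the retry path is covered would help the next reader. A minor readability point: placing the store immediately before `kfree(sbi);` rather than after it avoids even a momentary window where sb->s_fs_info points at freed memory, which is what the double free being fixed exploits.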
base-commit: 38814330fedd778edffcabe0c8cb462ee365782e



