From: panxuesong <panxuesong@xxxxxxxxxx>
When mount jffs2 passing a invalid argument, such as "compr=xxx".
In jffs2_fill_super , function jffs2_parse_options will return failed
and then will free jffs2_sb_info for the first time.
While jffs2_fill_super failed, would call jffs2_kill_sb,
which will free jffs2_sb_info for the second time.
static int jffs2_fill_super(struct super_block *sb, void *data, int silent)
{
......
ret = jffs2_parse_options(c, data);
if (ret) {
kfree(c);
return -EINVAL;
}
......
}
static void jffs2_kill_sb(struct super_block *sb)
{
struct jffs2_sb_info *c = JFFS2_SB_INFO(sb);
if (!(sb->s_flags & MS_RDONLY))
jffs2_stop_garbage_collect_thread(c);
kill_mtd_super(sb);
kfree(c);
}
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Pan Xuesong <panxuesong@xxxxxxxxxx>
---
fs/jffs2/super.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c
index d86c5e3..20b4d84 100644
--- a/fs/jffs2/super.c
+++ b/fs/jffs2/super.c
@@ -286,7 +286,6 @@ static int jffs2_fill_super(struct super_block *sb, void *data, int silent)
ret = jffs2_parse_options(c, data);
if (ret) {
- kfree(c);
return -EINVAL;
}
--
1.8.0
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html