Skip to content

L
linux
Commit 5541952d authored by Alexander Viro's avatar Alexander Viro Committed by Linus Torvalds
Browse files
Options

[PATCH] d_alloc_root() fixes: gadgetfs 

gatgetfs fill_super:
 - double-free of inode on last two failure exits
 - leak on the last failure exit
 - touching addresses near 0 on last two failure exits
parent 8f7155ad
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 6 deletions
drivers/usb/gadget/inode.c
View file @ 5541952d
...@@ -1812,7 +1812,6 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent) ...@@ -1812,7 +1812,6 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
return -ENOMEM; return -ENOMEM;
inode->i_op = &simple_dir_inode_operations; inode->i_op = &simple_dir_inode_operations;
if (!(d = d_alloc_root (inode))) { if (!(d = d_alloc_root (inode))) {
enomem:
iput (inode); iput (inode);
return -ENOMEM; return -ENOMEM;
} }
...@@ -1823,12 +1822,15 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent) ...@@ -1823,12 +1822,15 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
*/ */
dev = dev_new (); dev = dev_new ();
if (!dev) if (!dev)
goto enomem; return -ENOMEM;
dev->sb = sb; dev->sb = sb;
if (!(inode = gadgetfs_create_file (sb, CHIP, if (!(inode = gadgetfs_create_file (sb, CHIP,
dev, &dev_init_operations, dev, &dev_init_operations,
&dev->dentry))) &dev->dentry))) {
goto enomem; put_dev(dev);
return -ENOMEM;
}
/* other endpoint files are available after hardware setup, /* other endpoint files are available after hardware setup,
* from binding to a controller. * from binding to a controller.
...@@ -1849,8 +1851,10 @@ static void ...@@ -1849,8 +1851,10 @@ static void
gadgetfs_kill_sb (struct super_block *sb) gadgetfs_kill_sb (struct super_block *sb)
{ {
kill_litter_super (sb); kill_litter_super (sb);
put_dev (the_device); if (the_device) {
the_device = 0; put_dev (the_device);
the_device = 0;
}
} }
/*----------------------------------------------------------------------*/ /*----------------------------------------------------------------------*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7