devpts: fix double-free on mount failure

devpts_kill_sb() is called even if devpts_fill_super() fails; we should not do that kfree() in the latter, especially not with ->s_fs_info left pointing to freed object. Double kfree() is a Bad Thing(tm)... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2012-01-08 19:40:27 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-08 20:19:03 -0500
commit: 3850aba74873aa47fefe6900b99f42f5e656a6e7 (patch)
tree: 24f91e8cf4296a86678553809a935f355ae88de0 /fs/devpts
parent: 87da5b3264c8514b85c6c6e8ef51b9440eee2030 (diff)
download: linux-3850aba74873aa47fefe6900b99f42f5e656a6e7.tar.gz
1 files changed, 1 insertions, 3 deletions
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 79673eb71151..c4e2a58a2e82 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -301,7 +301,7 @@ devpts_fill_super(struct super_block *s, void *data, int silent)
 
 	inode = new_inode(s);
 	if (!inode)
-		goto free_fsi;
+		goto fail;
 	inode->i_ino = 1;
 	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
 	inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
@@ -316,8 +316,6 @@ devpts_fill_super(struct super_block *s, void *data, int silent)
 	printk(KERN_ERR "devpts: get root dentry failed\n");
 	iput(inode);
 
-free_fsi:
-	kfree(s->s_fs_info);
 fail:
 	return -ENOMEM;
 }
author	Al Viro <viro@zeniv.linux.org.uk>	2012-01-08 19:40:27 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-08 20:19:03 -0500
commit	3850aba74873aa47fefe6900b99f42f5e656a6e7 (patch)
tree	24f91e8cf4296a86678553809a935f355ae88de0 /fs/devpts
parent	87da5b3264c8514b85c6c6e8ef51b9440eee2030 (diff)
download	linux-3850aba74873aa47fefe6900b99f42f5e656a6e7.tar.gz