From c65390f4dd49755863f6d772ec538ee4757c08d7 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 9 Apr 2012 01:36:28 -0400 Subject: fix breakage in mtdchar_open(), sanitize failure exits simple_release_fs() should be only done on failure there. Signed-off-by: Al Viro --- drivers/mtd/mtdchar.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c index 94eb05b1afdf..58fc65f5c817 100644 --- a/drivers/mtd/mtdchar.c +++ b/drivers/mtd/mtdchar.c @@ -106,16 +106,14 @@ static int mtdchar_open(struct inode *inode, struct file *file) } if (mtd->type == MTD_ABSENT) { - put_mtd_device(mtd); ret = -ENODEV; - goto out; + goto out1; } mtd_ino = iget_locked(mnt->mnt_sb, devnum); if (!mtd_ino) { - put_mtd_device(mtd); ret = -ENOMEM; - goto out; + goto out1; } if (mtd_ino->i_state & I_NEW) { mtd_ino->i_private = mtd; @@ -127,23 +125,25 @@ static int mtdchar_open(struct inode *inode, struct file *file) /* You can't open it RW if it's not a writeable device */ if ((file->f_mode & FMODE_WRITE) && !(mtd->flags & MTD_WRITEABLE)) { - iput(mtd_ino); - put_mtd_device(mtd); ret = -EACCES; - goto out; + goto out2; } mfi = kzalloc(sizeof(*mfi), GFP_KERNEL); if (!mfi) { - iput(mtd_ino); - put_mtd_device(mtd); ret = -ENOMEM; - goto out; + goto out2; } mfi->ino = mtd_ino; mfi->mtd = mtd; file->private_data = mfi; + mutex_unlock(&mtd_mutex); + return 0; +out2: + iput(mtd_ino); +out1: + put_mtd_device(mtd); out: mutex_unlock(&mtd_mutex); simple_release_fs(&mnt, &count); -- cgit v1.2.3 From 640946f20390e492694f9d7470656f2262385951 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 2 Apr 2012 19:22:25 -0400 Subject: dentry leak in simple_fill_super() failure exit d_genocide() does _not_ evict dentries; it just removes extra ref pinning each of those. Normally it's followed by shrinking the tree (it's done just before generic_shutdown_super() by kill_litter_super()), but in case of simple_fill_super() nothing of that kind will follow. Just do shrink_dcache_parent() manually. Signed-off-by: Al Viro --- fs/libfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/libfs.c b/fs/libfs.c index 358094f0433d..18d08f5db53a 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -529,6 +529,7 @@ int simple_fill_super(struct super_block *s, unsigned long magic, return 0; out: d_genocide(root); + shrink_dcache_parent(root); dput(root); return -ENOMEM; } -- cgit v1.2.3 From b1349f2536efcb592927ab6f8687c36c3c124f6b Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 2 Apr 2012 19:02:48 -0400 Subject: typo fix in Documentation/filesystems/vfs.txt Signed-off-by: Al Viro --- Documentation/filesystems/vfs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt index e916e3d36488..0d0492028082 100644 --- a/Documentation/filesystems/vfs.txt +++ b/Documentation/filesystems/vfs.txt @@ -114,7 +114,7 @@ members are defined: struct file_system_type { const char *name; int fs_flags; - struct dentry (*mount) (struct file_system_type *, int, + struct dentry *(*mount) (struct file_system_type *, int, const char *, void *); void (*kill_sb) (struct super_block *); struct module *owner; -- cgit v1.2.3