From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752450AbbBRN4a (ORCPT ); Wed, 18 Feb 2015 08:56:30 -0500
Received: from mail-pa0-f50.google.com ([209.85.220.50]:43270 "EHLO mail-pa0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752147AbbBRN42 (ORCPT ); Wed, 18 Feb 2015 08:56:28 -0500
Date: Wed, 18 Feb 2015 19:26:19 +0530
From: Sudip Mukherjee
To: Al Viro
Cc: Andrew Morton , linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4/5] fs: efs: fix possible memory leak
Message-ID: <20150218135619.GA10604@sudip-PC>
References: <1423731742-31383-1-git-send-email-sudipm.mukherjee@gmail.com> <1423731742-31383-4-git-send-email-sudipm.mukherjee@gmail.com> <20150217193101.GA11847@ZenIV.linux.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150217193101.GA11847@ZenIV.linux.org.uk>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 17, 2015 at 07:31:01PM +0000, Al Viro wrote:
> On Thu, Feb 12, 2015 at 02:32:21PM +0530, Sudip Mukherjee wrote:
> >
> The hell we are not - unlike ->put_super(), ->kill_sb() is *always*
> called, even when fill_super() fails halfway through. Exactly because
> it makes for simpler cleanup requirements on failure exits in said
> fill_super(). And we have
> static void efs_kill_sb(struct super_block *s)
> {
>         struct efs_sb_info *sbi = SUPER_INFO(s);
>         kill_block_super(s);
>         kfree(sbi);
> }
> for ->kill_sb() there, so sbi will *not* leak.

Thanks for explaining this. I was seeing the code in the fat and was trying to
figure out why this in efs was not released. I had one more doubt about
efs_iget() but that also is actually cleared with this.

thanks
sudip

>
> NAK. This patch not only complicates efs_fill_super() for no good reason,
> it ends up with double kfree() on those failure exits - ->s_fs_info is
> left pointing to freed memory and efs_kill_sb() does kfree() again.
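
The ownership rule discussed in this message, as an added userspace example that is not part of the thread and is not kernel code: it models a mount whose fill_super() may fail after allocating sbi, followed by the ->kill_sb() call that always runs, and counts how often sbi is released with and without an extra kfree() on the failure exit. The names `model_kfree`, `model_fill_super`, `model_kill_sb` and `releases_for_mount` are hypothetical, and releases are only counted so the model itself never frees twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model constructed for illustration; not kernel code. */
struct sb { void *s_fs_info; };

static void *tracked;   /* the sbi allocation being watched */
static int releases;    /* times the model "kfree()d" it */

static void model_kfree(void *p)
{
	if (p && p == tracked)
		releases++;     /* count only; the real free happens once, below */
}

/* fill_super(): allocates sbi, then optionally fails halfway through. */
static int model_fill_super(struct sb *s, int fail, int patched)
{
	s->s_fs_info = tracked = malloc(64);
	if (!tracked)
		return -1;
	if (!fail)
		return 0;
	if (patched)
		model_kfree(s->s_fs_info);  /* extra kfree() on the failure exit */
	return -1;                      /* s_fs_info still points at sbi */
}

/* Same shape as efs_kill_sb() quoted above: frees whatever s_fs_info holds. */
static void model_kill_sb(struct sb *s)
{
	void *sbi = s->s_fs_info;
	model_kfree(sbi);
}

/* Number of releases of sbi over one mount attempt and its teardown. */
int releases_for_mount(int fail, int patched)
{
	struct sb s = { 0 };
	releases = 0;
	(void)model_fill_super(&s, fail, patched);
	model_kill_sb(&s);   /* ->kill_sb() runs whether or not fill_super() failed */
	free(tracked);       /* the single real release */
	tracked = NULL;
	return releases;
}

int main(void)
{
	printf("unpatched, failed mount: %d\n", releases_for_mount(1, 0));
	printf("patched,   failed mount: %d\n", releases_for_mount(1, 1));
	return 0;
}
```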