Commit 126fb0ce authored by Mehdi Ben Hadj Khelifa's avatar Mehdi Ben Hadj Khelifa Committed by Viacheslav Dubeyko
Browse files

hfsplus: ensure sb->s_fs_info is always cleaned up 



When hfsplus was converted to the new mount api a bug was introduced by
changing the allocation pattern of sb->s_fs_info. If setup_bdev_super()
fails after a new superblock has been allocated by sget_fc(), but before
hfsplus_fill_super() takes ownership of the filesystem-specific s_fs_info
data it was leaked.

Fix this by freeing sb->s_fs_info in hfsplus_kill_super().

Cc: stable@vger.kernel.org
Fixes: 432f7c78 ("hfsplus: convert hfsplus to use the new mount api")
Reported-by: default avatarViacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Tested-by: default avatarViacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
Signed-off-by: default avatarMehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@gmail.com>
Reviewed-by: default avatarViacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: default avatarViacheslav Dubeyko <slava@dubeyko.com>
Link: https://lore.kernel.org/r/20251201222843.82310-3-mehdi.benhadjkhelifa@gmail.com


Signed-off-by: default avatarViacheslav Dubeyko <slava@dubeyko.com>
parent 05ce49a9

fs/hfsplus/super.c

+9 −4
Original line number Diff line number Diff line
@@ -344,8 +344,6 @@ static void hfsplus_put_super(struct super_block *sb) 
	hfs_btree_close(sbi->ext_tree);

	kfree(sbi->s_vhdr_buf);

	kfree(sbi->s_backup_vhdr_buf);

	call_rcu(&sbi->rcu, delayed_free);



	hfs_dbg("finished\n");

}
@@ -650,7 +648,6 @@ static int hfsplus_fill_super(struct super_block *sb, struct fs_context *fc) 
out_unload_nls:

	unload_nls(sbi->nls);

	unload_nls(nls);

	kfree(sbi);

	return err;

}
@@ -709,10 +706,18 @@ static int hfsplus_init_fs_context(struct fs_context *fc) 
	return 0;

}



static void hfsplus_kill_super(struct super_block *sb)

{

	struct hfsplus_sb_info *sbi = HFSPLUS_SB(sb);



	kill_block_super(sb);

	call_rcu(&sbi->rcu, delayed_free);

}



static struct file_system_type hfsplus_fs_type = {

	.owner		= THIS_MODULE,

	.name		= "hfsplus",

	.kill_sb	= kill_block_super,

	.kill_sb	= hfsplus_kill_super,

	.fs_flags	= FS_REQUIRES_DEV,

	.init_fs_context = hfsplus_init_fs_context,

};