autofs: remove ino free in autofs4_dir_symlink()
authorIan Kent <raven@themaw.net>
Tue, 11 Oct 2016 20:52:39 +0000 (13:52 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 11 Oct 2016 22:06:31 +0000 (15:06 -0700)
The inode allocation failure case in autofs4_dir_symlink() frees the
autofs dentry info of the dentry without setting ->d_fsdata to NULL.

That could lead to a double free so just get rid of the free and leave it
to ->d_release().

Link: http://lkml.kernel.org/r/20160812024759.12352.10653.stgit@pluto.themaw.net
Signed-off-by: Ian Kent <raven@themaw.net>
Cc: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/autofs4/root.c

index 623510e84c968c8e8cc2f34c23d1b897f75246b7..2eebeae75288da876736683d99de17508d4e97ef 100644 (file)
@@ -577,8 +577,6 @@ static int autofs4_dir_symlink(struct inode *dir,
        inode = autofs4_get_inode(dir->i_sb, S_IFLNK | 0555);
        if (!inode) {
                kfree(cp);
-               if (!dentry->d_fsdata)
-                       kfree(ino);
                return -ENOMEM;
        }
        inode->i_private = cp;