From: Latchesar Ionkov If error occurs while in v9fs_get_sb after it calles sget, the dentry object of the root and its inode may be freed twice -- once while handling the error in v9fs_get_sb, and second time when v9fs_get_sb calles deactivate_super (which in turn calls v9fs_kill_super) The patch removes the unnecessary code that frees the root dentry and its inode. Signed-off-by: Latchesar Ionkov Cc: Eric Van Hensbergen Signed-off-by: Andrew Morton --- fs/9p/vfs_super.c | 24 +++++++----------------- 1 files changed, 7 insertions(+), 17 deletions(-) diff -puN fs/9p/vfs_super.c~v9fs-dont-free-root-dentry-inode-if-error-occurs-in-v9fs_get_sb fs/9p/vfs_super.c --- devel/fs/9p/vfs_super.c~v9fs-dont-free-root-dentry-inode-if-error-occurs-in-v9fs_get_sb 2005-09-21 12:20:34.000000000 -0700 +++ devel-akpm/fs/9p/vfs_super.c 2005-09-21 12:20:34.000000000 -0700 @@ -129,8 +129,8 @@ static struct super_block *v9fs_get_sb(s if ((newfid = v9fs_session_init(v9ses, dev_name, data)) < 0) { dprintk(DEBUG_ERROR, "problem initiating session\n"); - retval = newfid; - goto free_session; + kfree(v9ses); + return ERR_PTR(newfid); } sb = sget(fs_type, NULL, v9fs_set_super, v9ses); @@ -150,7 +150,7 @@ static struct super_block *v9fs_get_sb(s if (!root) { retval = -ENOMEM; - goto release_inode; + goto put_back_sb; } sb->s_root = root; @@ -159,7 +159,7 @@ static struct super_block *v9fs_get_sb(s root_fid = v9fs_fid_create(root); if (root_fid == NULL) { retval = -ENOMEM; - goto release_dentry; + goto put_back_sb; } root_fid->fidopen = 0; @@ -182,25 +182,15 @@ static struct super_block *v9fs_get_sb(s if (stat_result < 0) { retval = stat_result; - goto release_dentry; + goto put_back_sb; } return sb; - release_dentry: - dput(sb->s_root); - - release_inode: - iput(inode); - - put_back_sb: +put_back_sb: + /* deactivate_super calls v9fs_kill_super which will frees the rest */ up_write(&sb->s_umount); deactivate_super(sb); - v9fs_session_close(v9ses); - - free_session: - kfree(v9ses); - return ERR_PTR(retval); } _