| Message ID | dadb7856c5a0da0fa3c1f2c30f18f09fad62d45d.1525384741.git.ernesto.mnd.fernandez@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, May 03, 2018 at 07:08:22PM -0300, Ernesto A. Fernández wrote: > If no hidden directory exists, the hfsplus_fill_super() function will > create it. A delayed work is then queued to sync the superblock, which > is never canceled in case of failure. Fix this. Wouldn't it be simpler to avoid all the crap with clearing ->s_root on failure, letting ->put_super() take care of everything? Or, better yet, take cleanups into ->kill_sb(), which is always called on superblock shutdown, ->s_root or no ->s_root...
diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c index 513c357c734b..4bc49e3f171d 100644 --- a/fs/hfsplus/super.c +++ b/fs/hfsplus/super.c @@ -588,6 +588,8 @@ static int hfsplus_fill_super(struct super_block *sb, void *data, int silent) return 0; out_put_hidden_dir: + /* Creating an inode queues the sb for synchronization */ + cancel_delayed_work_sync(&sbi->sync_work); iput(sbi->hidden_dir); out_put_root: dput(sb->s_root);
If no hidden directory exists, the hfsplus_fill_super() function will create it. A delayed work is then queued to sync the superblock, which is never canceled in case of failure. Fix this. Fixes: 9e6c5829b07c ("hfsplus: get rid of write_super") Reported-by: syzbot+4f2e5f086147d543ab03@syzkaller.appspotmail.com Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> --- fs/hfsplus/super.c | 2 ++ 1 file changed, 2 insertions(+)