[PATCH] autofs: Fix memory leak in autofs_fill_super()

Zilin Guan posted 1 patch 1 month, 2 weeks ago
fs/autofs/inode.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
[PATCH] autofs: Fix memory leak in autofs_fill_super()
Posted by Zilin Guan 1 month, 2 weeks ago
The autofs_new_ino() function allocates a new autofs_info structure.
If the subsequent call to autofs_get_inode() fails, this structure is
not freed, leading to a memory leak.

Fix this by adding a new error label to free the structure and jumping
to it upon failure.

While at it, consolidate the error handling for the d_make_root()
failure case to use the same label.

Fixes: 66917f85db600 ("autofs: add: new_inode check in autofs_fill_super()")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
---
 fs/autofs/inode.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
index b932b1719dfc..391979f8b2bb 100644
--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -324,7 +324,7 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 
 	root_inode = autofs_get_inode(s, S_IFDIR | 0755);
 	if (!root_inode)
-		return -ENOMEM;
+		goto nomem;
 
 	root_inode->i_uid = ctx->uid;
 	root_inode->i_gid = ctx->gid;
@@ -332,10 +332,9 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 	root_inode->i_op = &autofs_dir_inode_operations;
 
 	s->s_root = d_make_root(root_inode);
-	if (unlikely(!s->s_root)) {
-		autofs_free_ino(ino);
-		return -ENOMEM;
-	}
+	if (unlikely(!s->s_root))
+		goto nomem;
+
 	s->s_root->d_fsdata = ino;
 
 	if (ctx->pgrp_set) {
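Review bot: The two `goto nomem` sites reach the label in different states, and nothing in the code says why one shared cleanup is correct for both. At the `d_make_root()` check the inode is already gone, because `d_make_root()` drops its inode reference when it fails, so only `ino` is left to release and the label rightly has no `iput()`. A short comment above the check would record that, for example `/* d_make_root() releases root_inode on failure; only ino remains */`. The hunk ends inside the `if (ctx->pgrp_set)` block, so the error paths that follow are not visible here.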
@@ -358,6 +357,10 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 
 	sbi->flags &= ~AUTOFS_SBI_CATATONIC;
 	return 0;
+
+nomem:
+	autofs_free_ino(ino);
+	return -ENOMEM;
 }
 
 /*
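Review bot: The `nomem` label frees `ino` unconditionally, so it is only safe to reach before `s->s_root->d_fsdata = ino` in the previous hunk. After that assignment the root dentry presumably owns `ino` (the release path is not part of this diff), and a later `goto nomem` added there would risk a double free. I would state the constraint at the label, e.g. `/* only valid before ino is attached to s->s_root */`, or name the label for what it does, such as `out_free_ino`. The error paths between the second hunk and `return 0` lie outside the diff, so how they release `ino` cannot be confirmed from here.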
-- 
2.34.1
Re: [PATCH] autofs: Fix memory leak in autofs_fill_super()
Posted by Ian Kent 1 month, 2 weeks ago
On 25/12/25 22:27, Zilin Guan wrote:
> The autofs_new_ino() function allocates a new autofs_info structure.
> If the subsequent call to autofs_get_inode() fails, this structure is
> not freed, leading to a memory leak.
>
> Fix this by adding a new error label to free the structure and jumping
> to it upon failure.
>
> While at it, consolidate the error handling for the d_make_root()
> failure case to use the same label.
>
> Fixes: 66917f85db600 ("autofs: add: new_inode check in autofs_fill_super()")
> Signed-off-by: Zilin Guan <zilin@seu.edu.cn>

Acked-by: Ian Kent <raven@themaw.net>


So obvious, one wonders how things like this go unseen for so long, ;)


Ian

> ---
>   fs/autofs/inode.c | 13 ++++++++-----
>   1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
> index b932b1719dfc..391979f8b2bb 100644
> --- a/fs/autofs/inode.c
> +++ b/fs/autofs/inode.c
> @@ -324,7 +324,7 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
>   
>   	root_inode = autofs_get_inode(s, S_IFDIR | 0755);
>   	if (!root_inode)
> -		return -ENOMEM;
> +		goto nomem;
>   
>   	root_inode->i_uid = ctx->uid;
>   	root_inode->i_gid = ctx->gid;
> @@ -332,10 +332,9 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
>   	root_inode->i_op = &autofs_dir_inode_operations;
>   
>   	s->s_root = d_make_root(root_inode);
> -	if (unlikely(!s->s_root)) {
> -		autofs_free_ino(ino);
> -		return -ENOMEM;
> -	}
> +	if (unlikely(!s->s_root))
> +		goto nomem;
> +
>   	s->s_root->d_fsdata = ino;
>   
>   	if (ctx->pgrp_set) {
> @@ -358,6 +357,10 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
>   
>   	sbi->flags &= ~AUTOFS_SBI_CATATONIC;
>   	return 0;
> +
> +nomem:
> +	autofs_free_ino(ino);
> +	return -ENOMEM;
>   }
>   
>   /*