fs/hfsplus/super.c | 1 - 1 file changed, 1 deletion(-)
The recent commit "hfsplus: ensure sb->s_fs_info is always cleaned up"
[1] introduced a custom ->kill_sb() handler (hfsplus_kill_super) that
cleans up the s_fs_info structure (including the NLS table) on
superblock destruction.
However, the error handling path in hfsplus_fill_super() still calls
unload_nls() before returning an error. Since the VFS layer calls
->kill_sb() when fill_super fails, this results in unload_nls() being
called twice for the same sbi->nls pointer: once in hfsplus_fill_super()
and again in hfsplus_kill_super() (via delayed_free).
Remove the explicit unload_nls() call from the error path in
hfsplus_fill_super() to rely solely on the cleanup in ->kill_sb().
[1] https://lore.kernel.org/r/20251201222843.82310-3-mehdi.benhadjkhelifa@gmail.com/
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Link: https://lore.kernel.org/r/20260203043806.GF3183987@ZenIV/
Signed-off-by: Shardul Bankar <shardul.b@mpiricsoftware.com>
---
fs/hfsplus/super.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c
index 829c8ac2639c..5ba26404f504 100644
--- a/fs/hfsplus/super.c
+++ b/fs/hfsplus/super.c
@@ -646,7 +646,6 @@ static int hfsplus_fill_super(struct super_block *sb, struct fs_context *fc)
kfree(sbi->s_vhdr_buf);
kfree(sbi->s_backup_vhdr_buf);
out_unload_nls:
- unload_nls(sbi->nls);
unload_nls(nls);
return err;
}
--
2.34.1On Wed, 2026-02-04 at 22:34 +0530, Shardul Bankar wrote: > The recent commit "hfsplus: ensure sb->s_fs_info is always cleaned up" > [1] introduced a custom ->kill_sb() handler (hfsplus_kill_super) that > cleans up the s_fs_info structure (including the NLS table) on > superblock destruction. > > However, the error handling path in hfsplus_fill_super() still calls > unload_nls() before returning an error. Since the VFS layer calls > ->kill_sb() when fill_super fails, this results in unload_nls() being > called twice for the same sbi->nls pointer: once in hfsplus_fill_super() > and again in hfsplus_kill_super() (via delayed_free). > > Remove the explicit unload_nls() call from the error path in > hfsplus_fill_super() to rely solely on the cleanup in ->kill_sb(). > > [1] https://urldefense.proofpoint.com/v2/url?u=https-3A__lore.kernel.org_r_20251201222843.82310-2D3-2Dmehdi.benhadjkhelifa-40gmail.com_&d=DwIDAg&c=BSDicqBQBDjDI9RkVyTcHQ&r=q5bIm4AXMzc8NJu1_RGmnQ2fMWKq4Y4RAkElvUgSs00&m=nIRFVBbXkO1U_YAsBLT6Dhsz-kvNCbzVyuUUFiyzQfAIX7tfj6zSpbH_g8v0DJbV&s=6wZhKrQgBTT7arelKg7fe1Gz59hLAYxtnzEEduFDLGs&e= > > Reported-by: Al Viro <viro@zeniv.linux.org.uk> > Link: https://urldefense.proofpoint.com/v2/url?u=https-3A__lore.kernel.org_r_20260203043806.GF3183987-40ZenIV_&d=DwIDAg&c=BSDicqBQBDjDI9RkVyTcHQ&r=q5bIm4AXMzc8NJu1_RGmnQ2fMWKq4Y4RAkElvUgSs00&m=nIRFVBbXkO1U_YAsBLT6Dhsz-kvNCbzVyuUUFiyzQfAIX7tfj6zSpbH_g8v0DJbV&s=kDiSIqwoTkI8MkVogNxafY0dp80MuZk0t-w_E4I40QQ&e= > Signed-off-by: Shardul Bankar <shardul.b@mpiricsoftware.com> > --- > fs/hfsplus/super.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c > index 829c8ac2639c..5ba26404f504 100644 > --- a/fs/hfsplus/super.c > +++ b/fs/hfsplus/super.c > @@ -646,7 +646,6 @@ static int hfsplus_fill_super(struct super_block *sb, struct fs_context *fc) > kfree(sbi->s_vhdr_buf); > kfree(sbi->s_backup_vhdr_buf); > out_unload_nls: > - unload_nls(sbi->nls); > unload_nls(nls); > return err; > } Makes sense and looks good. Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com> Thanks, Slava.
© 2016 - 2026 Red Hat, Inc.