From nobody Thu Apr 2 22:17:39 2026 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56DCD3B7B76 for ; Thu, 26 Mar 2026 09:12:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774516361; cv=none; b=YGB2MvOK3nrBTL9DBpsI6FC7yD8O+wnbbyQgHMQpIMj3K0/mW7y8EhpBGDvzvOOt5xaQm60n4a48HRtMnzeVBfTZpfzPk/F9ZBKmJpIeDba/juu5Q6Iyd72fmzD//IE5oO+mqGhvnAJ+MrCsBoZzczbG9fFbh5fu27bSguJtawA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774516361; c=relaxed/simple; bh=J8Buy7blqy42rZyyu2re6DeRyvRitgZWTUkYzAhgzys=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=o38GynrU1c88evv871NS4v/Z6poi+Oteawy2S3W57lVAVP65c0emrygqGXDPP1DYzLynVvvOH9q/XpTdY2KKfP4Co+gtdwf2R1ZbfhnUJdELKUb64v8116zIM0yTzdMQR4RqtietqRBCNz9WcCejVN++ppwjTlCuhvA4DnpoP8o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=n2phJgXn; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="n2phJgXn" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-2b0586d5bb8so5372575ad.3 for ; Thu, 26 Mar 2026 02:12:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774516360; x=1775121160; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=QYfZbaBybKPD6+dSvFAhDTm82uVeL7ihcIN5PtqZnvY=; b=n2phJgXnEdsdmDu/6fngLOKV1/aERO4sAuQh+JzUkassC8GWYw5/GlaEzMPQIcHjDC PqQfxNYXmAuc7psFbZ5NmKIdtyRukstaUJF0qHfGkFiLdl/bVCE53MVhgWZ/5Iv51d9i IHsQDnkevc+pUnjMxL2eZAkG/MEBrAj2aYkfO0hmN/Cej2nvKSjBsMO4yfQpCIjQWBss I161mmcqe5C5XKdGnw8BTk1WMQyiSdGFfQC7gklDhAX7f49JlcDb/Idwg2B400cgZRoV RCDdXAr6AW9y5xbkhX4YiY9lL/zZGtJuEs73PsvUF1AOQ6V847GeKW1AiAIjaMkXsou6 2BVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774516360; x=1775121160; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=QYfZbaBybKPD6+dSvFAhDTm82uVeL7ihcIN5PtqZnvY=; b=dGo7u1FgC3P2+GFSu2LeBKMfGr13Hn1Zv8ZhqcKRFY6VpaTQ72Sf+0+wME2fq3nhWi KpdUEaXTTPwIy4Jx+23t6qeTMoNGJvHjyy5s9N9buevdVdqVuvZE+bdp3IqNg/dwpnV4 AtkKGx7D3U90JCp02aQB2T8ljv0nFei5bRooOAczkyFVyrvV/QhoB4Z+iVHplwCGXW7D bpFdWIf+OeImEtMYcewwz0zdasT6cPKEbNOnqivK2XAEgy84gp93/ZPwqI1G4jwESFls NNLMYCJR2UJqtfigN4ePzy2XKsXm1nQlgr2rg05DVorVwDf++UP3lNvLuCUnY73YU0/X e3Zg== X-Gm-Message-State: AOJu0YxpJv2hP/6vKOWkEJtmcLJ6noYqBKGVm3i6+nxJwtSa13/Wl4+c pvhfvvlXRtN2KuHI9Az6jm0OJ/AKGEkT2UnnnEO54dv/FM/vME5MDTn+ X-Gm-Gg: ATEYQzzRYedCBhc7L6pNCDPdT6f2gZA3q0T2DkE2la738CXr5OqQNWurW06g6Kc4cqA W1VCgDlsanCB3MIko8yPwDz64hBlwRm0SvvAl1XZxAV6Y/7HnQl4Bt8jwcxerZ9mfDxyj6AxvuE VbMQXatR6vvM0cOVcxCZWgav9OkMmeG6J3f61Hl3Ish2A0J7BQ9gHe6IqaPh2iMkxL0vK/SO5DS aC/6cL9wmjfrckKCSHTRLwD8RKQQ7yUTU4hsktqr+FO/6Tex3Gdm8U6X8n952qIvf9hp1SDekbk RBpEFaRAwbBFJcsW0941HZ1yCY9BUtIGkwY3S2EoRnamOCts+nin6vxZTb5/r3yEPji18pHt5Sp ub2bXjWY6yyVLcteAySvfAL+8C/TxaXTq3f/5fQ+SqjOYGOrd/dhYCvKJVq/kCSHTNoxBEH51l8 qPtls7Om6KKt8ziamT3Pn3a5uGxXeUVKe4lF2WNRoqJtWoWwM= X-Received: by 2002:a17:902:cf07:b0:2b0:5968:a6d5 with SMTP id d9443c01a7336-2b0b0a63539mr63214695ad.18.1774516359680; Thu, 26 Mar 2026 02:12:39 -0700 (PDT) Received: from DESKTOP-MOQC9AF.mioffice.cn ([43.224.245.237]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b0bc7b8adasm31023895ad.33.2026.03.26.02.12.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Mar 2026 02:12:39 -0700 (PDT) From: Zhan Xusheng X-Google-Original-From: Zhan Xusheng To: Konstantin Komarov Cc: linux-kernel@vger.kernel.org, Zhan Xusheng Subject: [PATCH] fs/ntfs3: fix potential double iput on d_make_root() failure Date: Thu, 26 Mar 2026 17:12:32 +0800 Message-ID: <20260326091232.92760-1-zhanxusheng@xiaomi.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" d_make_root() consumes the reference to the passed inode: it either attaches it to the newly created dentry on success, or drops it via iput() on failure. In the error path, the code currently does: sb->s_root =3D d_make_root(inode); if (!sb->s_root) goto put_inode_out; which leads to a second iput(inode) in put_inode_out. This results in a double iput and may trigger a use-after-free if the inode gets freed after the first iput(). Fix this by jumping directly to the common cleanup path, avoiding the extra iput(inode). Signed-off-by: Zhan Xusheng --- fs/ntfs3/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 174a7cb202a0..d0dad15076ca 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -1673,7 +1673,7 @@ static int ntfs_fill_super(struct super_block *sb, st= ruct fs_context *fc) sb->s_root =3D d_make_root(inode); if (!sb->s_root) { err =3D -ENOMEM; - goto put_inode_out; + goto out; } =20 if (boot2) { --=20 2.43.0