fs/ntfs3: fix potential double iput on d_make_root() failure

d_make_root() consumes the reference to the passed inode: it either attaches it to the newly created dentry on success, or drops it via iput() on failure. In the error path, the code currently does: sb->s_root = d_make_root(inode); if (!sb->s_root) goto put_inode_out; which leads to a second iput(inode) in put_inode_out. This results in a double iput and may trigger a use-after-free if the inode gets freed after the first iput(). Fix this by jumping directly to the common cleanup path, avoiding the extra iput(inode). Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
author: Zhan Xusheng <zhanxusheng1024@gmail.com> 2026-03-26 17:12:32 +0800
committer: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> 2026-04-07 18:43:39 +0200
commit: d1062683bf6b560b31f287eb0ebde4841bc72376 (patch)
tree: 38116b677997c814e7b6e85cb5fc33b688f46f62 /fs
parent: 984a415f019536ea2d24de9010744e5302a9a948 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c
index 46160b06b635..57922edf1ae1 100644
--- a/fs/ntfs3/super.c
+++ b/fs/ntfs3/super.c
@@ -1704,7 +1704,7 @@ load_root:
 	sb->s_root = d_make_root(inode);
 	if (!sb->s_root) {
 		err = -ENOMEM;
-		goto put_inode_out;
+		goto out;
 	}
 
 	if (boot2) {
author	Zhan Xusheng <zhanxusheng1024@gmail.com>	2026-03-26 17:12:32 +0800
committer	Konstantin Komarov <almaz.alexandrovich@paragon-software.com>	2026-04-07 18:43:39 +0200
commit	d1062683bf6b560b31f287eb0ebde4841bc72376 (patch)
tree	38116b677997c814e7b6e85cb5fc33b688f46f62 /fs
parent	984a415f019536ea2d24de9010744e5302a9a948 (diff)