From 2708f716c0f009bad754b8b94063526fab2048e9 Mon Sep 17 00:00:00 2001 From: Brian Behlendorf Date: Fri, 9 Sep 2011 10:24:55 -0700 Subject: Fix usage of zsb after free Caught by code inspection, the variable zsb was referenced after being freed. Move the kmem_free() to the end of the function. Signed-off-by: Brian Behlendorf --- module/zfs/zfs_znode.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/module/zfs/zfs_znode.c b/module/zfs/zfs_znode.c index dfbe11aca..0443b3065 100644 --- a/module/zfs/zfs_znode.c +++ b/module/zfs/zfs_znode.c @@ -1527,20 +1527,19 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *zplprops, dmu_tx_t *tx) atomic_set(&ZTOI(rootzp)->i_count, 0); sa_handle_destroy(rootzp->z_sa_hdl); - kmem_free(sb, sizeof (struct super_block)); - kmem_free(zsb, sizeof (zfs_sb_t)); kmem_cache_free(znode_cache, rootzp); /* * Create shares directory */ - error = zfs_create_share_dir(zsb, tx); - ASSERT(error == 0); for (i = 0; i != ZFS_OBJ_MTX_SZ; i++) mutex_destroy(&zsb->z_hold_mtx[i]); + + kmem_free(sb, sizeof (struct super_block)); + kmem_free(zsb, sizeof (zfs_sb_t)); } #endif /* _KERNEL */ -- cgit v1.2.3