swapfile: avoid NULL pointer dereference in swapon when s_bdev is NULL

While testing Swap over NFS patchset, I noticed an oops that was triggered
during swapon. Investigating further, the NULL pointer deference is due to the
SSD device check/optimization in the swapon code that assumes s_bdev could never
be NULL.

inode->i_sb->s_bdev could be NULL in a few cases. For e.g. one such case is
loopback NFS mount, there could be others as well. Fix this by ensuring s_bdev
is not NULL before we try to deference s_bdev.

Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

1 files changed, 7 insertions, 5 deletions

diff --git a/mm/swapfile.c b/mm/swapfile.c
index 4de7f02f820b..a1bc6b9af9a2 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1974,12 +1974,14 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
                 goto bad_swap;
         }
 
-        if (blk_queue_nonrot(bdev_get_queue(p->bdev))) {
-                p->flags |= SWP_SOLIDSTATE;
-                p->cluster_next = 1 + (random32() % p->highest_bit);
+        if (p->bdev) {
+                if (blk_queue_nonrot(bdev_get_queue(p->bdev))) {
+                        p->flags |= SWP_SOLIDSTATE;
+                        p->cluster_next = 1 + (random32() % p->highest_bit);
+                }
+                if (discard_swap(p) == 0)
+                        p->flags |= SWP_DISCARDABLE;
         }
-        if (discard_swap(p) == 0)
-                p->flags |= SWP_DISCARDABLE;
 
         mutex_lock(&swapon_mutex);
         spin_lock(&swap_lock);