diff options
| author | Jan Kara <jack@suse.cz> | 2008-03-04 17:28:33 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-03-04 19:35:10 -0500 |
| commit | e3892296de632e3f9299d9fabe0c746740004891 (patch) | |
| tree | a6162f566e5ec6b0e099a79e7a59005fcfe9be4b /fs/buffer.c | |
| parent | 10ed273f5016c582413dfbc468dd084957d847e1 (diff) | |
vfs: fix NULL pointer dereference in fsync_buffers_list()
Fix NULL pointer dereference in fsync_buffers_list() introduced by recent fix
of races in private_list handling. Since bh->b_assoc_map has been cleared in
__remove_assoc_queue() we should really use original value stored in the
'mapping' variable.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/buffer.c')
| -rw-r--r-- | fs/buffer.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/buffer.c b/fs/buffer.c index 897cd7477b34..ddfdd2c80bf9 100644 --- a/fs/buffer.c +++ b/fs/buffer.c | |||
| @@ -835,7 +835,7 @@ static int fsync_buffers_list(spinlock_t *lock, struct list_head *list) | |||
| 835 | smp_mb(); | 835 | smp_mb(); |
| 836 | if (buffer_dirty(bh)) { | 836 | if (buffer_dirty(bh)) { |
| 837 | list_add(&bh->b_assoc_buffers, | 837 | list_add(&bh->b_assoc_buffers, |
| 838 | &bh->b_assoc_map->private_list); | 838 | &mapping->private_list); |
| 839 | bh->b_assoc_map = mapping; | 839 | bh->b_assoc_map = mapping; |
| 840 | } | 840 | } |
| 841 | spin_unlock(lock); | 841 | spin_unlock(lock); |