diff options
author | Jesper Juhl <jesper.juhl@gmail.com> | 2007-08-16 02:25:42 -0400 |
---|---|---|
committer | Tim Shimmin <tes@chook.melbourne.sgi.com> | 2007-10-15 02:42:48 -0400 |
commit | 49ee6c911f0ae5b3a9a04e0589e3265e52f94f53 (patch) | |
tree | b95ccb140532df8601f69f86fb3ccb8dbd80a7ea /fs | |
parent | dcb3b83febd1028afbc4a32cf7642a6580e349c6 (diff) |
[XFS] Fix a potential NULL pointer deref in XFS on failed mount.
If we fail to open the the log device buftarg, we can fall through to
error handling code that fails to check for a NULL log device buftarg
before calling xfs_free_buftarg().
This patch fixes the issue by checking mp->m_logdev_targp against NULL in
xfs_unmountfs_close() and doing the proper xfs_blkdev_put(logdev); and
xfs_blkdev_put(rtdev); on (!mp->m_rtdev_targp) in xfs_mount().
Discovered by the Coverity checker.
SGI-PV: 968563
SGI-Modid: xfs-linux-melb:xfs-kern:29328a
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Tim Shimmin <tes@sgi.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/xfs/xfs_mount.c | 2 | ||||
-rw-r--r-- | fs/xfs/xfs_vfsops.c | 10 |
2 files changed, 9 insertions, 3 deletions
diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index cfe4de5def89..eef27f21f9ab 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c | |||
@@ -1262,7 +1262,7 @@ xfs_unmountfs(xfs_mount_t *mp, struct cred *cr) | |||
1262 | void | 1262 | void |
1263 | xfs_unmountfs_close(xfs_mount_t *mp, struct cred *cr) | 1263 | xfs_unmountfs_close(xfs_mount_t *mp, struct cred *cr) |
1264 | { | 1264 | { |
1265 | if (mp->m_logdev_targp != mp->m_ddev_targp) | 1265 | if (mp->m_logdev_targp && mp->m_logdev_targp != mp->m_ddev_targp) |
1266 | xfs_free_buftarg(mp->m_logdev_targp, 1); | 1266 | xfs_free_buftarg(mp->m_logdev_targp, 1); |
1267 | if (mp->m_rtdev_targp) | 1267 | if (mp->m_rtdev_targp) |
1268 | xfs_free_buftarg(mp->m_rtdev_targp, 1); | 1268 | xfs_free_buftarg(mp->m_rtdev_targp, 1); |
diff --git a/fs/xfs/xfs_vfsops.c b/fs/xfs/xfs_vfsops.c index 47c890778bb6..ba8f7a3e4028 100644 --- a/fs/xfs/xfs_vfsops.c +++ b/fs/xfs/xfs_vfsops.c | |||
@@ -480,13 +480,19 @@ xfs_mount( | |||
480 | } | 480 | } |
481 | if (rtdev) { | 481 | if (rtdev) { |
482 | mp->m_rtdev_targp = xfs_alloc_buftarg(rtdev, 1); | 482 | mp->m_rtdev_targp = xfs_alloc_buftarg(rtdev, 1); |
483 | if (!mp->m_rtdev_targp) | 483 | if (!mp->m_rtdev_targp) { |
484 | xfs_blkdev_put(logdev); | ||
485 | xfs_blkdev_put(rtdev); | ||
484 | goto error0; | 486 | goto error0; |
487 | } | ||
485 | } | 488 | } |
486 | mp->m_logdev_targp = (logdev && logdev != ddev) ? | 489 | mp->m_logdev_targp = (logdev && logdev != ddev) ? |
487 | xfs_alloc_buftarg(logdev, 1) : mp->m_ddev_targp; | 490 | xfs_alloc_buftarg(logdev, 1) : mp->m_ddev_targp; |
488 | if (!mp->m_logdev_targp) | 491 | if (!mp->m_logdev_targp) { |
492 | xfs_blkdev_put(logdev); | ||
493 | xfs_blkdev_put(rtdev); | ||
489 | goto error0; | 494 | goto error0; |
495 | } | ||
490 | 496 | ||
491 | /* | 497 | /* |
492 | * Setup flags based on mount(2) options and then the superblock | 498 | * Setup flags based on mount(2) options and then the superblock |