authorChristoph Hellwig <hch@infradead.org>2008-11-27 22:23:31 -0500
committerNiv Sardi <xaiki@sgi.com>2008-11-30 19:06:44 -0500
commitbac8dca9f9b1dfcf9c4ecb4f9ca17185b828cc20 (patch)
treefa26840c5e85eeed63575615c140f2913e6d9189 /fs
parentb5a20aa2657063cbf3b47fc700603180de4bb554 (diff)
[XFS] fix NULL pointer dereference in xfs_log_force_umount
xfs_log_force_umount may be called very early during log recovery. If we fail a buffer read in xlog_recover_do_inode_trans we abort the mount. But at that point log recovery has started delayed writeback of inode buffers. As part of the aborted mount we try to flush out all delwri buffers, but at that point we have already freed the superblock, and set mp->m_sb_bp to NULL, and xfs_log_force_umount which gets called after the inode buffer writeback trips over it. Make xfs_log_force_umount a little more careful when accessing mp->m_sb_bp to avoid this. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Eric Sandeen <sandeen@sandeen.net> Signed-off-by: Niv Sardi <xaiki@sgi.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/xfs/xfs_log.c7
1 files changed, 5 insertions, 2 deletions
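diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c
index 4bf44aef644c..8a5b05536a28 100644
--- a/fs/xfs/xfs_log.c
+++ b/fs/xfs/xfs_log.c
@@ -3569,7 +3569,8 @@ xfs_log_force_umount(
 if (!log ||
 log->l_flags & XLOG_ACTIVE_RECOVERY) {
 mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
-XFS_BUF_DONE(mp->m_sb_bp);
+if (mp->m_sb_bp)
+XFS_BUF_DONE(mp->m_sb_bp);
 return 0;
 }
 
@@ -3590,7 +3591,9 @@ xfs_log_force_umount(
 spin_lock(&log->l_icloglock);
 spin_lock(&log->l_grant_lock);
 mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
-XFS_BUF_DONE(mp->m_sb_bp);
+if (mp->m_sb_bp)
+XFS_BUF_DONE(mp->m_sb_bp);
+
 /*
  * This flag is sort of redundant because of the mount flag, but
  * it's good to maintain the separation between the log and the rest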
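Review bot: Both new `if (mp->m_sb_bp)` guards, the one in the early-return branch and the one taken under `l_icloglock`/`l_grant_lock`, depend on the teardown path setting `m_sb_bp` to NULL when it frees the superblock buffer, and neither site records that. A short comment above each check, for example `/* m_sb_bp is NULL if the mount was aborted after the sb buffer was freed */`, would keep the invariant visible to the next person touching this code. The guard only helps when the pointer was actually cleared; these hunks do not show whether the read is serialized against the code that frees the buffer, so it is worth confirming that no path frees it without clearing the pointer. xfs_log_force_umount begins and ends outside both hunks.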