writeback: fix dereferencing NULL bdi->dev on trace_writeback_queue

When a SD card is hot removed without umount, del_gendisk() will call
bdi_unregister() without destroying/freeing it. This leaves the bdi in
the bdi->dev = NULL, bdi->wb.task = NULL, bdi->bdi_list removed state.

When sync(2) gets the bdi before bdi_unregister() and calls
bdi_queue_work() after the unregister, trace_writeback_queue will be
dereferencing the NULL bdi->dev. Fix it with a simple test for NULL.

LKML-reference: http://lkml.org/lkml/2012/1/18/346
Cc: stable@kernel.org
Reported-by: Rabin Vincent <rabin@rab.in>
Tested-by: Namjae Jeon <linkinjeon@gmail.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h
index 06d302ebcb72..5973410e8f8c 100644
--- a/include/trace/events/writeback.h
+++ b/include/trace/events/writeback.h
@@ -47,7 +47,10 @@ DECLARE_EVENT_CLASS(writeback_work_class,
                 __field(int, reason)
         ),
         TP_fast_assign(
-                strncpy(__entry->name, dev_name(bdi->dev), 32);
+                struct device *dev = bdi->dev;
+                if (!dev)
+                        dev = default_backing_dev_info.dev;
+                strncpy(__entry->name, dev_name(dev), 32);
                 __entry->nr_pages = work->nr_pages;
                 __entry->sb_dev = work->sb ? work->sb->s_dev : 0;
                 __entry->sync_mode = work->sync_mode;