From: Eric Sandeen <sandeen@sandeen.net>
To: Christoph Hellwig <hch@infradead.org>
Cc: aluno3@poczta.onet.pl, xfs@oss.sgi.com
Subject: Re: [PATCH] fix NULL pointer dereference in xfs_log_force_umount
Date: Fri, 21 Nov 2008 12:23:05 -0600 [thread overview]
Message-ID: <4926FC89.60607@sandeen.net> (raw)
In-Reply-To: <20081121162829.GA17277@infradead.org>
Christoph Hellwig wrote:
> xfs_log_force_umount may be called very early during log recovery where
>
> If we fail a buffer read in xlog_recover_do_inode_trans we abort the mount.
> But at that point log recovery has started delayed writeback of inode
> buffers. As part of the aborted mount we try to flush out all delwri
> buffers, but at that point we have already freed the superblock, and set
> mp->m_sb_bp to NULL, and xfs_log_force_umount which gets called after
> the inode buffer writeback trips over it.
>
> Make xfs_log_force_umounr a little more careful when accessing mp->m_sb_bp
> to avoid this.
Seems fine (btw: s/unmounr/unmount/) ;)
-eric
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
>
> Index: xfs-2.6/fs/xfs/xfs_log.c
> ===================================================================
> --- xfs-2.6.orig/fs/xfs/xfs_log.c 2008-11-21 17:07:30.000000000 +0100
> +++ xfs-2.6/fs/xfs/xfs_log.c 2008-11-21 17:13:02.000000000 +0100
> @@ -3525,7 +3525,8 @@ xfs_log_force_umount(
> if (!log ||
> log->l_flags & XLOG_ACTIVE_RECOVERY) {
> mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
> - XFS_BUF_DONE(mp->m_sb_bp);
> + if (mp->m_sb_bp)
> + XFS_BUF_DONE(mp->m_sb_bp);
> return 0;
> }
>
> @@ -3546,7 +3547,9 @@ xfs_log_force_umount(
> spin_lock(&log->l_icloglock);
> spin_lock(&log->l_grant_lock);
> mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
> - XFS_BUF_DONE(mp->m_sb_bp);
> + if (mp->m_sb_bp)
> + XFS_BUF_DONE(mp->m_sb_bp);
> +
> /*
> * This flag is sort of redundant because of the mount flag, but
> * it's good to maintain the separation between the log and the rest
>
> _______________________________________________
> xfs mailing list
> xfs@oss.sgi.com
> http://oss.sgi.com/mailman/listinfo/xfs
>
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
prev parent reply other threads:[~2008-11-21 18:23 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-21 16:28 [PATCH] fix NULL pointer dereference in xfs_log_force_umount Christoph Hellwig
2008-11-21 18:23 ` Eric Sandeen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4926FC89.60607@sandeen.net \
--to=sandeen@sandeen.net \
--cc=aluno3@poczta.onet.pl \
--cc=hch@infradead.org \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.