[PATCH 18/18] gfs2: prevent NULL pointer dereference during unmount

gfs2 filesystem and dlm development
 help / color / mirror / Atom feed

From: Andreas Gruenbacher <agruenba@redhat.com>
To: gfs2@lists.linux.dev
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
	kernel test robot <lkp@intel.com>,
	Dan Carpenter <error27@gmail.com>
Subject: [PATCH 18/18] gfs2: prevent NULL pointer dereference during unmount
Date: Mon, 13 Apr 2026 16:52:11 +0200	[thread overview]
Message-ID: <20260413145211.881752-19-agruenba@redhat.com> (raw)
In-Reply-To: <20260413145211.881752-1-agruenba@redhat.com>

When flushing out outstanding glock work during an unmount, gfs2_log_flush()
can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc
is NULL.  Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in
gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it
missed the sdp->sd_jdesc dereference in gfs2_log_release().  Fix that.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Closes: https://lore.kernel.org/r/202604071139.HNJiCaAi-lkp@intel.com/
Fixes: 35264909e9d1 ("gfs2: Fix NULL pointer dereference in gfs2_log_flush")
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
 fs/gfs2/log.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/gfs2/log.c b/fs/gfs2/log.c
index 3a01d4e7667a..78bba8cc10b8 100644
--- a/fs/gfs2/log.c
+++ b/fs/gfs2/log.c
@@ -467,8 +467,9 @@ void gfs2_log_release(struct gfs2_sbd *sdp, unsigned int blks)
 {
 	atomic_add(blks, &sdp->sd_log_blks_free);
 	trace_gfs2_log_blocks(sdp, blks);
-	gfs2_assert_withdraw(sdp, atomic_read(&sdp->sd_log_blks_free) <=
-				  sdp->sd_jdesc->jd_blocks);
+	gfs2_assert_withdraw(sdp, !sdp->sd_jdesc ||
+			atomic_read(&sdp->sd_log_blks_free) <=
+			sdp->sd_jdesc->jd_blocks);
 	if (atomic_read(&sdp->sd_log_blks_needed))
 		wake_up(&sdp->sd_log_waitq);
 }
-- 
2.53.0

     prev parent reply	other threads:[~2026-04-13 14:52 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-13 14:51 [PATCH 00/18] gfs2 patches on for-next Andreas Gruenbacher
2026-04-13 14:51 ` [PATCH 01/18] gfs2: Call unlock_new_inode before d_instantiate Andreas Gruenbacher
2026-04-13 14:51 ` [PATCH 02/18] gfs2: Remove unnecessary check in gfs2_evict_inode Andreas Gruenbacher
2026-04-13 14:51 ` [PATCH 03/18] gfs2: Avoid unnecessary transactions in evict_linked_inode Andreas Gruenbacher
2026-04-13 14:51 ` [PATCH 04/18] gfs2: minor evict_[un]linked_inode cleanup Andreas Gruenbacher
2026-04-13 14:51 ` [PATCH 05/18] gfs2: Fix data loss during inode evict Andreas Gruenbacher
2026-04-13 14:51 ` [PATCH 06/18] gfs2: less aggressive low-memory log flushing Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 07/18] gfs2: Get rid of gfs2_log_[un]lock helpers Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 08/18] gfs2: Move gfs2_remove_from_journal to log.c Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 09/18] gfs2: Remove trans_drain code duplication Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 10/18] gfs2: bufdata allocation race Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 11/18] gfs2: drain ail under sd_log_flush_lock Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 12/18] gfs2: fix address space truncation during withdraw Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 13/18] gfs2: add some missing log locking Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 14/18] gfs2: gfs2_log_flush withdraw fixes Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 15/18] gfs2: inode directory consistency checks Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 16/18] gfs2: wait for withdraw earlier during unmount Andreas Gruenbacher
2026-04-13 14:52 ` [PATCH 17/18] gfs2: hide error messages after withdraw Andreas Gruenbacher
2026-04-13 14:52 ` Andreas Gruenbacher [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3a01d4e7667 dfblob:78bba8cc10b )
 OR (
bs:"[PATCH 18/18] gfs2: prevent NULL pointer dereference during unmount" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260413145211.881752-19-agruenba@redhat.com \
    --to=agruenba@redhat.com \
    --cc=error27@gmail.com \
    --cc=gfs2@lists.linux.dev \
    --cc=lkp@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox