From: Eric Sandeen <sandeen@sandeen.net>
To: Christoph Hellwig <hch@infradead.org>
Cc: aluno3@poczta.onet.pl, xfs@oss.sgi.com
Subject: Re: [PATCH] fix NULL pointer dereference in xfs_log_force_umount
Date: Fri, 21 Nov 2008 12:23:05 -0600 [thread overview]
Message-ID: <4926FC89.60607@sandeen.net> (raw)
In-Reply-To: <20081121162829.GA17277@infradead.org>
Christoph Hellwig wrote:
> xfs_log_force_umount may be called very early during log recovery where
>
> If we fail a buffer read in xlog_recover_do_inode_trans we abort the mount.
> But at that point log recovery has started delayed writeback of inode
> buffers. As part of the aborted mount we try to flush out all delwri
> buffers, but at that point we have already freed the superblock, and set
> mp->m_sb_bp to NULL, and xfs_log_force_umount which gets called after
> the inode buffer writeback trips over it.
>
> Make xfs_log_force_umounr a little more careful when accessing mp->m_sb_bp
> to avoid this.
Seems fine (btw: s/unmounr/unmount/) ;)
-eric
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
>
> Index: xfs-2.6/fs/xfs/xfs_log.c
> ===================================================================
> --- xfs-2.6.orig/fs/xfs/xfs_log.c 2008-11-21 17:07:30.000000000 +0100
> +++ xfs-2.6/fs/xfs/xfs_log.c 2008-11-21 17:13:02.000000000 +0100
> @@ -3525,7 +3525,8 @@ xfs_log_force_umount(
> if (!log ||
> log->l_flags & XLOG_ACTIVE_RECOVERY) {
> mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
> - XFS_BUF_DONE(mp->m_sb_bp);
> + if (mp->m_sb_bp)
> + XFS_BUF_DONE(mp->m_sb_bp);
> return 0;
> }
>
> @@ -3546,7 +3547,9 @@ xfs_log_force_umount(
> spin_lock(&log->l_icloglock);
> spin_lock(&log->l_grant_lock);
> mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
> - XFS_BUF_DONE(mp->m_sb_bp);
> + if (mp->m_sb_bp)
> + XFS_BUF_DONE(mp->m_sb_bp);
> +
> /*
> * This flag is sort of redundant because of the mount flag, but
> * it's good to maintain the separation between the log and the rest
>
> _______________________________________________
> xfs mailing list
> xfs@oss.sgi.com
> http://oss.sgi.com/mailman/listinfo/xfs
>
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
prev parent reply other threads:[~2008-11-21 18:23 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-21 16:28 [PATCH] fix NULL pointer dereference in xfs_log_force_umount Christoph Hellwig
2008-11-21 18:23 ` Eric Sandeen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4926FC89.60607@sandeen.net \
--to=sandeen@sandeen.net \
--cc=aluno3@poczta.onet.pl \
--cc=hch@infradead.org \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox