xfs
[Top] [All Lists]

Re: [PATCH] fix NULL pointer dereference in xfs_log_force_umount

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject: Re: [PATCH] fix NULL pointer dereference in xfs_log_force_umount
From: Eric Sandeen <sandeen@xxxxxxxxxxx>
Date: Fri, 21 Nov 2008 12:23:05 -0600
Cc: xfs@xxxxxxxxxxx, aluno3@xxxxxxxxxxxxxx
In-reply-to: <20081121162829.GA17277@xxxxxxxxxxxxx>
References: <20081121162829.GA17277@xxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.16 (X11/20080723)
Christoph Hellwig wrote:
> xfs_log_force_umount may be called very early during log recovery where
> 
> If we fail a buffer read in xlog_recover_do_inode_trans we abort the mount.
> But at that point log recovery has started delayed writeback of inode
> buffers.   As part of the aborted mount we try to flush out all delwri
> buffers, but at that point we have already freed the superblock, and set
> mp->m_sb_bp to NULL, and xfs_log_force_umount which gets called after
> the inode buffer writeback trips over it.
> 
> Make xfs_log_force_umounr a little more careful when accessing mp->m_sb_bp
> to avoid this.

Seems fine (btw:  s/unmounr/unmount/)  ;)

-eric

> 
> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
> 
> Index: xfs-2.6/fs/xfs/xfs_log.c
> ===================================================================
> --- xfs-2.6.orig/fs/xfs/xfs_log.c     2008-11-21 17:07:30.000000000 +0100
> +++ xfs-2.6/fs/xfs/xfs_log.c  2008-11-21 17:13:02.000000000 +0100
> @@ -3525,7 +3525,8 @@ xfs_log_force_umount(
>       if (!log ||
>           log->l_flags & XLOG_ACTIVE_RECOVERY) {
>               mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
> -             XFS_BUF_DONE(mp->m_sb_bp);
> +             if (mp->m_sb_bp)
> +                     XFS_BUF_DONE(mp->m_sb_bp);
>               return 0;
>       }
>  
> @@ -3546,7 +3547,9 @@ xfs_log_force_umount(
>       spin_lock(&log->l_icloglock);
>       spin_lock(&log->l_grant_lock);
>       mp->m_flags |= XFS_MOUNT_FS_SHUTDOWN;
> -     XFS_BUF_DONE(mp->m_sb_bp);
> +     if (mp->m_sb_bp)
> +             XFS_BUF_DONE(mp->m_sb_bp);
> +
>       /*
>        * This flag is sort of redundant because of the mount flag, but
>        * it's good to maintain the separation between the log and the rest
> 
> _______________________________________________
> xfs mailing list
> xfs@xxxxxxxxxxx
> http://oss.sgi.com/mailman/listinfo/xfs
> 

<Prev in Thread] Current Thread [Next in Thread>