summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Ryabinin <aryabinin@virtuozzo.com>2016-08-23 17:55:31 +0200
committerJens Axboe <axboe@fb.com>2016-08-25 16:38:26 +0200
commit5bb53c0fb8e0fc2e34287d5d0fcadc784de913e1 (patch)
tree21251b388aec1c09a072ddb489abff447f2c52d6
parentblk-mq: improve warning for running a queue on the wrong CPU (diff)
downloadlinux-5bb53c0fb8e0fc2e34287d5d0fcadc784de913e1.tar.xz
linux-5bb53c0fb8e0fc2e34287d5d0fcadc784de913e1.zip
fs/block_dev: fix potential NULL ptr deref in freeze_bdev()
Calling freeze_bdev() twice on the same block device without mounted filesystem get_super() will return NULL, which will lead to NULL-ptr dereference later in drop_super(). Check get_super() result to fix that. Note, that this is a purely theoretical issue. We have only 3 freeze_bdev() callers. 2 of them are in filesystem code and used on a device with mounted fs. The third one in lock_fs() has protection in upper-layer code against freezing block device the second time without thawing it first. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
-rw-r--r--fs/block_dev.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/block_dev.c b/fs/block_dev.c
index e17bdbdfe9b1..08ae99343d92 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -249,7 +249,8 @@ struct super_block *freeze_bdev(struct block_device *bdev)
* thaw_bdev drops it.
*/
sb = get_super(bdev);
- drop_super(sb);
+ if (sb)
+ drop_super(sb);
mutex_unlock(&bdev->bd_fsfreeze_mutex);
return sb;
}