Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

gfs2: prevent NULL pointer dereference during unmount

When flushing out outstanding glock work during an unmount, gfs2_log_flush()
can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc
is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in
gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it
missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Closes: https://lore.kernel.org/r/202604071139.HNJiCaAi-lkp@intel.com/
Fixes: 35264909e9d1 ("gfs2: Fix NULL pointer dereference in gfs2_log_flush")
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>

+3 -2
fs/gfs2/log.c
··· 467 467 { 468 468 atomic_add(blks, &sdp->sd_log_blks_free); 469 469 trace_gfs2_log_blocks(sdp, blks); 470 - gfs2_assert_withdraw(sdp, atomic_read(&sdp->sd_log_blks_free) <= 471 - sdp->sd_jdesc->jd_blocks); 470 + gfs2_assert_withdraw(sdp, !sdp->sd_jdesc || 471 + atomic_read(&sdp->sd_log_blks_free) <= 472 + sdp->sd_jdesc->jd_blocks); 472 473 if (atomic_read(&sdp->sd_log_blks_needed)) 473 474 wake_up(&sdp->sd_log_waitq); 474 475 }
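
Review bot: In the new assertion in fs/gfs2/log.c, sdp->sd_jdesc is loaded twice, once for the !sdp->sd_jdesc test and again for ->jd_blocks, so the guard only holds if the pointer cannot be cleared between the two reads. If the unmount path that sets it to NULL can run concurrently with this function, read the pointer once into a local variable and use that for both the test and the jd_blocks comparison. If it cannot, a short comment above the assertion saying that sd_jdesc may be NULL here during unmount, and that the sd_log_blks_free bound is deliberately not checked in that case, would document why the check is skipped rather than leaving it implicit in the condition.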