[Devel] [PATCH rh7 v3 3/4] fs/block_dev: fix NULL ptr deref in freeze_bdev()
Andrey Ryabinin
aryabinin at virtuozzo.com
Fri Aug 19 06:00:20 PDT 2016
freeze_bdev() called twice on the same block device without a
mounted filesystem will lead to a NULL-ptr deref:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
IP: [<ffffffff810b1729>] up_read+0x29/0x40
Call Trace:
[<ffffffff8121d2b6>] drop_super+0x16/0x30
[<ffffffff8125942b>] freeze_bdev+0x4b/0xd0
[<ffffffff815236db>] __dm_suspend+0xeb/0x220
[<ffffffff8152bfa0>] ? table_load+0x390/0x390
[<ffffffff81526aca>] dm_suspend+0xda/0x100
[<ffffffff810b171f>] ? up_read+0x1f/0x40
[<ffffffff8152c130>] dev_suspend+0x190/0x250
[<ffffffff8152ca17>] ctl_ioctl+0x247/0x520
[<ffffffff8152cd03>] dm_ctl_ioctl+0x13/0x20
[<ffffffff8122f11e>] do_vfs_ioctl+0x27e/0x550
[<ffffffff8122f444>] SyS_ioctl+0x54/0xa0
[<ffffffff816bda09>] system_call_fastpath+0x16/0x1b
Check get_super() result to fix that.
https://jira.sw.ru/browse/PSBM-50858
Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
fs/block_dev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 4575c62..325ee71 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -227,7 +227,8 @@ struct super_block *freeze_bdev(struct block_device *bdev)
* thaw_bdev drops it.
*/
sb = get_super(bdev);
- drop_super(sb);
+ if (sb)
+ drop_super(sb);
mutex_unlock(&bdev->bd_fsfreeze_mutex);
return sb;
}
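Review bot: with the new `if (sb)` guard, the unchanged `return sb;` at the end of this hunk returns NULL to the caller where the old code crashed in drop_super(), and nothing in the hunk documents that. Consider extending the comment above `sb = get_super(bdev);` to state that get_super() yields NULL when no filesystem is mounted on the device and that freeze_bdev() then returns NULL on this path, so callers such as the __dm_suspend path shown in the trace treat NULL as a valid "no superblock" result and do not dereference it.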
--
2.7.3