diff options
authorAndrey Ryabinin <aryabinin@virtuozzo.com>2016-08-23 18:55:31 +0300
committerJens Axboe <axboe@fb.com>2016-08-25 08:38:26 -0600
commit5bb53c0fb8e0fc2e34287d5d0fcadc784de913e1 (patch)
parent0e87e58bf60edb6bb28e493c7a143f41b091a5e5 (diff)
fs/block_dev: fix potential NULL ptr deref in freeze_bdev()
Calling freeze_bdev() twice on the same block device without mounted filesystem get_super() will return NULL, which will lead to NULL-ptr dereference later in drop_super(). Check get_super() result to fix that. Note, that this is a purely theoretical issue. We have only 3 freeze_bdev() callers. 2 of them are in filesystem code and used on a device with mounted fs. The third one in lock_fs() has protection in upper-layer code against freezing block device the second time without thawing it first. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com>
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/block_dev.c b/fs/block_dev.c
index e17bdbdfe9b1..08ae99343d92 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -249,7 +249,8 @@ struct super_block *freeze_bdev(struct block_device *bdev)
* thaw_bdev drops it.
sb = get_super(bdev);
- drop_super(sb);
+ if (sb)
+ drop_super(sb);
return sb;