	gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add
When gfs2_sys_fs_add() fails, it sets sb->s_fs_info to NULL on its error path (see commit 0d515210b6 ("GFS2: Add kobject release method")). The intention seems to be to prevent dereferencing sb->s_fs_info once the object pointed to has been deallocated, but that would be better achieved by setting the pointer to NULL in free_sbd(). As a consequence, when the call to gfs2_sys_fs_add() fails in gfs2_fill_super(), sdp = GFS2_SB(inode) will evaluate to NULL in iput() -> gfs2_drop_inode(), and accessing sdp->sd_flags will be a NULL pointer dereference. Fix that by only setting sb->s_fs_info to NULL when actually freeing the object pointed to in free_sbd(). Fixes: ae9f3bd825 ("gfs2: replace sd_aspace with sd_inode") Reported-by: syzbot+b12826218502df019f9d@syzkaller.appspotmail.com Signed-off-by: Andrew Price <anprice@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
		
							parent
							
								
									914873bc7d
								
							
						
					
					
						commit
						9126d2754c
					
				|  | @ -64,7 +64,10 @@ static void gfs2_tune_init(struct gfs2_tune *gt) | |||
| 
 | ||||
| void free_sbd(struct gfs2_sbd *sdp) | ||||
| { | ||||
| 	struct super_block *sb = sdp->sd_vfs; | ||||
| 
 | ||||
| 	free_percpu(sdp->sd_lkstats); | ||||
| 	sb->s_fs_info = NULL; | ||||
| 	kfree(sdp); | ||||
| } | ||||
| 
 | ||||
|  | @ -1314,7 +1317,6 @@ fail_iput: | |||
| 	iput(sdp->sd_inode); | ||||
| fail_free: | ||||
| 	free_sbd(sdp); | ||||
| 	sb->s_fs_info = NULL; | ||||
| 	return error; | ||||
| } | ||||
| 
 | ||||
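Review bot: free_sbd() now reads `sdp->sd_vfs` and writes through it unconditionally, so every caller must reach it with sd_vfs already pointing at a live super_block; the function is not static and its other call sites are not visible here, so that precondition should be documented on the function. I would also add a comment above the assignment, `/* Clear s_fs_info before kfree() so GFS2_SB() never yields a dangling pointer. */`. In the fail_free path of the second hunk the fix relies on iput() running before free_sbd(), since, per the commit message, gfs2_drop_inode() dereferences the result of GFS2_SB() without a NULL check; a one-line comment at `fail_iput:` stating that ordering would keep a later reshuffle of the error labels from reintroducing the NULL dereference. The function containing the second hunk begins outside the hunk.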
|  |  | |||
|  | @ -764,7 +764,6 @@ fail_reg: | |||
| 	fs_err(sdp, "error %d adding sysfs files\n", error); | ||||
| 	kobject_put(&sdp->sd_kobj); | ||||
| 	wait_for_completion(&sdp->sd_kobj_unregister); | ||||
| 	sb->s_fs_info = NULL; | ||||
| 	return error; | ||||
| } | ||||
| 
 | ||||
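Review bot: With the assignment dropped, the fail_reg path returns with sb->s_fs_info still pointing at sdp after `kobject_put()` and `wait_for_completion()`, so correctness now depends on the kobject release method not freeing sdp and on the caller invoking free_sbd(); neither is visible in this hunk. A short comment at the label would make the ownership explicit, e.g. `/* sdp remains owned by the caller; s_fs_info is cleared in free_sbd() */`. The function body begins outside the hunk, so I could not confirm whether `sb` is still referenced elsewhere in it; if it is not, the local is now unused and should be removed.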
|  |  | |||
	 Andrew Price
						Andrew Price