aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJesper Juhl <jesper.juhl@gmail.com>2007-08-16 16:25:42 +1000
committerTim Shimmin <tes@chook.melbourne.sgi.com>2007-10-15 16:42:48 +1000
commit49ee6c911f0ae5b3a9a04e0589e3265e52f94f53 (patch)
treeb95ccb140532df8601f69f86fb3ccb8dbd80a7ea /fs
parentdcb3b83febd1028afbc4a32cf7642a6580e349c6 (diff)
downloadkernel_samsung_aries-49ee6c911f0ae5b3a9a04e0589e3265e52f94f53.zip
kernel_samsung_aries-49ee6c911f0ae5b3a9a04e0589e3265e52f94f53.tar.gz
kernel_samsung_aries-49ee6c911f0ae5b3a9a04e0589e3265e52f94f53.tar.bz2
[XFS] Fix a potential NULL pointer deref in XFS on failed mount.
If we fail to open the the log device buftarg, we can fall through to error handling code that fails to check for a NULL log device buftarg before calling xfs_free_buftarg(). This patch fixes the issue by checking mp->m_logdev_targp against NULL in xfs_unmountfs_close() and doing the proper xfs_blkdev_put(logdev); and xfs_blkdev_put(rtdev); on (!mp->m_rtdev_targp) in xfs_mount(). Discovered by the Coverity checker. SGI-PV: 968563 SGI-Modid: xfs-linux-melb:xfs-kern:29328a Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Tim Shimmin <tes@sgi.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/xfs/xfs_mount.c2
-rw-r--r--fs/xfs/xfs_vfsops.c10
2 files changed, 9 insertions, 3 deletions
diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
index cfe4de5..eef27f2 100644
--- a/fs/xfs/xfs_mount.c
+++ b/fs/xfs/xfs_mount.c
@@ -1262,7 +1262,7 @@ xfs_unmountfs(xfs_mount_t *mp, struct cred *cr)
void
xfs_unmountfs_close(xfs_mount_t *mp, struct cred *cr)
{
- if (mp->m_logdev_targp != mp->m_ddev_targp)
+ if (mp->m_logdev_targp && mp->m_logdev_targp != mp->m_ddev_targp)
xfs_free_buftarg(mp->m_logdev_targp, 1);
if (mp->m_rtdev_targp)
xfs_free_buftarg(mp->m_rtdev_targp, 1);
diff --git a/fs/xfs/xfs_vfsops.c b/fs/xfs/xfs_vfsops.c
index 47c8907..ba8f7a3 100644
--- a/fs/xfs/xfs_vfsops.c
+++ b/fs/xfs/xfs_vfsops.c
@@ -480,13 +480,19 @@ xfs_mount(
}
if (rtdev) {
mp->m_rtdev_targp = xfs_alloc_buftarg(rtdev, 1);
- if (!mp->m_rtdev_targp)
+ if (!mp->m_rtdev_targp) {
+ xfs_blkdev_put(logdev);
+ xfs_blkdev_put(rtdev);
goto error0;
+ }
}
mp->m_logdev_targp = (logdev && logdev != ddev) ?
xfs_alloc_buftarg(logdev, 1) : mp->m_ddev_targp;
- if (!mp->m_logdev_targp)
+ if (!mp->m_logdev_targp) {
+ xfs_blkdev_put(logdev);
+ xfs_blkdev_put(rtdev);
goto error0;
+ }
/*
* Setup flags based on mount(2) options and then the superblock