aboutsummaryrefslogtreecommitdiffstats
path: root/fs/gfs2
diff options
context:
space:
mode:
authorSteven Whitehouse <swhiteho@redhat.com>2008-12-19 15:43:05 +0000
committerSteven Whitehouse <swhiteho@redhat.com>2009-01-05 07:39:19 +0000
commit88a19ad066c1aab2f9713beb670525fcc06e1c09 (patch)
tree2d967c8f553a9dd862dc92fb085e5af1be859956 /fs/gfs2
parentfefc03bfedeff2002f14e848ecb7c0cd77ee0b15 (diff)
downloadkernel_samsung_crespo-88a19ad066c1aab2f9713beb670525fcc06e1c09.zip
kernel_samsung_crespo-88a19ad066c1aab2f9713beb670525fcc06e1c09.tar.gz
kernel_samsung_crespo-88a19ad066c1aab2f9713beb670525fcc06e1c09.tar.bz2
GFS2: Fix use-after-free bug on umount (try #2)
This should solve the issue with the previous attempt at fixing this. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2')
-rw-r--r--fs/gfs2/ops_fstype.c20
-rw-r--r--fs/gfs2/ops_super.c1
2 files changed, 12 insertions, 9 deletions
diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index 4cae60f..f91eebd 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -1263,17 +1263,21 @@ static int gfs2_get_sb_meta(struct file_system_type *fs_type, int flags,
static void gfs2_kill_sb(struct super_block *sb)
{
struct gfs2_sbd *sdp = sb->s_fs_info;
- if (sdp) {
- gfs2_meta_syncfs(sdp);
- dput(sdp->sd_root_dir);
- dput(sdp->sd_master_dir);
- sdp->sd_root_dir = NULL;
- sdp->sd_master_dir = NULL;
+
+ if (sdp == NULL) {
+ kill_block_super(sb);
+ return;
}
+
+ gfs2_meta_syncfs(sdp);
+ dput(sdp->sd_root_dir);
+ dput(sdp->sd_master_dir);
+ sdp->sd_root_dir = NULL;
+ sdp->sd_master_dir = NULL;
shrink_dcache_sb(sb);
kill_block_super(sb);
- if (sdp)
- gfs2_delete_debugfs_file(sdp);
+ gfs2_delete_debugfs_file(sdp);
+ kfree(sdp);
}
struct file_system_type gfs2_fs_type = {
diff --git a/fs/gfs2/ops_super.c b/fs/gfs2/ops_super.c
index 08837a7..777783d 100644
--- a/fs/gfs2/ops_super.c
+++ b/fs/gfs2/ops_super.c
@@ -182,7 +182,6 @@ static void gfs2_put_super(struct super_block *sb)
/* At this point, we're through participating in the lockspace */
gfs2_sys_fs_del(sdp);
- kfree(sdp);
}
/**