diff options
author | Steven Whitehouse <swhiteho@redhat.com> | 2008-12-19 15:43:05 +0000 |
---|---|---|
committer | Steven Whitehouse <swhiteho@redhat.com> | 2009-01-05 07:39:19 +0000 |
commit | 88a19ad066c1aab2f9713beb670525fcc06e1c09 (patch) | |
tree | 2d967c8f553a9dd862dc92fb085e5af1be859956 /fs/gfs2 | |
parent | fefc03bfedeff2002f14e848ecb7c0cd77ee0b15 (diff) | |
download | kernel_samsung_crespo-88a19ad066c1aab2f9713beb670525fcc06e1c09.zip kernel_samsung_crespo-88a19ad066c1aab2f9713beb670525fcc06e1c09.tar.gz kernel_samsung_crespo-88a19ad066c1aab2f9713beb670525fcc06e1c09.tar.bz2 |
GFS2: Fix use-after-free bug on umount (try #2)
This should solve the issue with the previous attempt at fixing this.
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2')
-rw-r--r-- | fs/gfs2/ops_fstype.c | 20 | ||||
-rw-r--r-- | fs/gfs2/ops_super.c | 1 |
2 files changed, 12 insertions, 9 deletions
diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index 4cae60f..f91eebd 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1263,17 +1263,21 @@ static int gfs2_get_sb_meta(struct file_system_type *fs_type, int flags, static void gfs2_kill_sb(struct super_block *sb) { struct gfs2_sbd *sdp = sb->s_fs_info; - if (sdp) { - gfs2_meta_syncfs(sdp); - dput(sdp->sd_root_dir); - dput(sdp->sd_master_dir); - sdp->sd_root_dir = NULL; - sdp->sd_master_dir = NULL; + + if (sdp == NULL) { + kill_block_super(sb); + return; } + + gfs2_meta_syncfs(sdp); + dput(sdp->sd_root_dir); + dput(sdp->sd_master_dir); + sdp->sd_root_dir = NULL; + sdp->sd_master_dir = NULL; shrink_dcache_sb(sb); kill_block_super(sb); - if (sdp) - gfs2_delete_debugfs_file(sdp); + gfs2_delete_debugfs_file(sdp); + kfree(sdp); } struct file_system_type gfs2_fs_type = { diff --git a/fs/gfs2/ops_super.c b/fs/gfs2/ops_super.c index 08837a7..777783d 100644 --- a/fs/gfs2/ops_super.c +++ b/fs/gfs2/ops_super.c @@ -182,7 +182,6 @@ static void gfs2_put_super(struct super_block *sb) /* At this point, we're through participating in the lockspace */ gfs2_sys_fs_del(sdp); - kfree(sdp); } /** |