2010-04-15 01:04:59

by Kevin Cernekee

[permalink] [raw]
Subject: [PATCH] LogFS: Fix oops on failed mount

logfs_kill_sb() calls mempool_destroy() on super->s_alias_pool . But if
logfs_kill_sb() is being called because the mount failed (e.g.
__logfs_read_sb() returned -EIO) this pointer will still be NULL,
resulting in a kernel oops.

Signed-off-by: Kevin Cernekee <[email protected]>
---
fs/logfs/super.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/fs/logfs/super.c b/fs/logfs/super.c
index b60bfac..f817713 100644
--- a/fs/logfs/super.c
+++ b/fs/logfs/super.c
@@ -517,7 +517,8 @@ static void logfs_kill_sb(struct super_block *sb)
__free_page(super->s_erase_page);
super->s_devops->put_device(sb);
mempool_destroy(super->s_btree_pool);
- mempool_destroy(super->s_alias_pool);
+ if (super->s_alias_pool)
+ mempool_destroy(super->s_alias_pool);
kfree(super);
log_super("LogFS: Finished unmounting\n");
}
--
1.6.3.1


2010-04-15 06:16:27

by Jörn Engel

[permalink] [raw]
Subject: Re: [PATCH] LogFS: Fix oops on failed mount

On Wed, 14 April 2010 17:56:10 -0700, Kevin Cernekee wrote:
>
> logfs_kill_sb() calls mempool_destroy() on super->s_alias_pool . But if
> logfs_kill_sb() is being called because the mount failed (e.g.
> __logfs_read_sb() returned -EIO) this pointer will still be NULL,
> resulting in a kernel oops.
>
> Signed-off-by: Kevin Cernekee <[email protected]>
> ---
> fs/logfs/super.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/logfs/super.c b/fs/logfs/super.c
> index b60bfac..f817713 100644
> --- a/fs/logfs/super.c
> +++ b/fs/logfs/super.c
> @@ -517,7 +517,8 @@ static void logfs_kill_sb(struct super_block *sb)
> __free_page(super->s_erase_page);
> super->s_devops->put_device(sb);
> mempool_destroy(super->s_btree_pool);
> - mempool_destroy(super->s_alias_pool);
> + if (super->s_alias_pool)
> + mempool_destroy(super->s_alias_pool);
> kfree(super);
> log_super("LogFS: Finished unmounting\n");
> }

That shouldn't have happened. I fixed this bug in a patch from almost
exactly one month ago. But when moving patches from a test tree, this
one patch got lost. Added to my release tree now - finally:

git://git.kernel.org/pub/scm/linux/kernel/git/joern/logfs.git

Sorry that you had to step into that turd and thank you for shoving my
nose into it. I'll try to be a good dog and not do it again.

Jörn

--
When you close your hand, you own nothing. When you open it up, you
own the whole world.
-- Li Mu Bai in Tiger & Dragon