Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753340AbZI3G5U (ORCPT ); Wed, 30 Sep 2009 02:57:20 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753248AbZI3G5T (ORCPT ); Wed, 30 Sep 2009 02:57:19 -0400 Received: from brick.kernel.dk ([93.163.65.50]:54252 "EHLO kernel.dk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752902AbZI3G5T (ORCPT ); Wed, 30 Sep 2009 02:57:19 -0400 Date: Wed, 30 Sep 2009 08:57:22 +0200 From: Jens Axboe To: Suresh Jayaraman Cc: LKML , Hugh Dickins , Andrew Morton Subject: Re: [PATCH] swapfile: avoid NULL pointer dereference in swapon when s_bdev is NULL Message-ID: <20090930065722.GN23126@kernel.dk> References: <4AC1FC41.2060807@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4AC1FC41.2060807@suse.de> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1731 Lines: 50 On Tue, Sep 29 2009, Suresh Jayaraman wrote: > While testing Swap over NFS patchset, I noticed an oops that was triggered > during swapon. Investigating further, the NULL pointer deference is due to the > SSD device check/optimization in the swapon code that assumes s_bdev could never > be NULL. > > inode->i_sb->s_bdev could be NULL in a few cases. For e.g. one such case is > loopback NFS mount, there could be others as well. Fix this by ensuring s_bdev > is not NULL before we try to deference s_bdev. > > Signed-off-by: Suresh Jayaraman > --- > mm/swapfile.c | 12 +++++++----- > 1 files changed, 7 insertions(+), 5 deletions(-) > > diff --git a/mm/swapfile.c b/mm/swapfile.c > index 4de7f02..a1bc6b9 100644 > --- a/mm/swapfile.c > +++ b/mm/swapfile.c > @@ -1974,12 +1974,14 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) > goto bad_swap; > } > > - if (blk_queue_nonrot(bdev_get_queue(p->bdev))) { > - p->flags |= SWP_SOLIDSTATE; > - p->cluster_next = 1 + (random32() % p->highest_bit); > + if (p->bdev) { > + if (blk_queue_nonrot(bdev_get_queue(p->bdev))) { > + p->flags |= SWP_SOLIDSTATE; > + p->cluster_next = 1 + (random32() % p->highest_bit); > + } > + if (discard_swap(p) == 0) > + p->flags |= SWP_DISCARDABLE; > } > - if (discard_swap(p) == 0) > - p->flags |= SWP_DISCARDABLE; > > mutex_lock(&swapon_mutex); > spin_lock(&swap_lock); Thanks for the patch, looks correct. -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/