author | Gunnar Beutner <[email protected]> | 2012-04-05 10:30:10 +0200 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2012-04-05 11:29:42 -0700 |
commit | 1f0d8a566f0251ff9404b98233ae8d5406c6d308 (patch) | |
tree | c238856f2a530d8dae08daff2ca6fc1e714cc87c | |
parent | 2ce9d0ec61706e56abd4c56fe78bfe11365ad130 (diff) |
Fixed a NULL pointer dereference bug in zfs_preumount
When zpl_fill_super -> zfs_domount fails (e.g. because the dataset
was destroyed before it could be successfully mounted) the subsequent
call to zpl_kill_sb -> zfs_preumount would dereference a NULL pointer.
This bug can be reproduced using this shell script:
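#!/bin/sh
# Create and destroy the dataset in a background loop
(
    while true; do
        zfs create -o mountpoint=legacy tank/bar
        zfs destroy tank/bar
    done
) &
# Race mount/umount of the same dataset against the loop above
(
    while true; do
        mount -t zfs tank/bar /mnt
        umount /mnt
    done
) &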
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #639
-rw-r--r-- | module/zfs/zfs_vfsops.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/module/zfs/zfs_vfsops.c b/module/zfs/zfs_vfsops.c index 8f1c713c0..998cfde32 100644 --- a/module/zfs/zfs_vfsops.c +++ b/module/zfs/zfs_vfsops.c @@ -1231,7 +1231,7 @@ zfs_preumount(struct super_block *sb) { zfs_sb_t *zsb = sb->s_fs_info; - if (zsb->z_ctldir != NULL) + if (zsb != NULL && zsb->z_ctldir != NULL) zfsctl_destroy(zsb); } EXPORT_SYMBOL(zfs_preumount); |
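Review bot: The new `zsb != NULL` test in zfs_preumount() has no comment saying when sb->s_fs_info can be NULL, so a later reader may take the guard for dead code and remove it. Add a one-line comment above the `if` noting that zpl_kill_sb can reach this function after zfs_domount has failed. The guard also only helps if the failed-mount path leaves sb->s_fs_info set to NULL rather than pointing at an already released zfs_sb_t; this hunk does not show that path, so it is worth confirming before relying on the check.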