authorGunnar Beutner <[email protected]>2012-04-05 10:30:10 +0200
committerBrian Behlendorf <[email protected]>2012-04-05 11:29:42 -0700
commit1f0d8a566f0251ff9404b98233ae8d5406c6d308 (patch)
treec238856f2a530d8dae08daff2ca6fc1e714cc87c
parent2ce9d0ec61706e56abd4c56fe78bfe11365ad130 (diff)
Fixed a NULL pointer dereference bug in zfs_preumount
When zpl_fill_super -> zfs_domount fails (e.g. because the dataset was destroyed before it could be successfully mounted) the subsequent call to zpl_kill_sb -> zfs_preumount would dereference a NULL pointer. This bug can be reproduced using this shell script: #!/bin/sh ( while true; do zfs create -o mountpoint=legacz tank/bar zfs destroy tank/bar done ) & ( while true; do mount -t zfs tank/bar /mnt umount /mnt done ) & Signed-off-by: Brian Behlendorf <[email protected]> Closes #639
-rw-r--r--module/zfs/zfs_vfsops.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/module/zfs/zfs_vfsops.c b/module/zfs/zfs_vfsops.c
index 8f1c713c0..998cfde32 100644
--- a/module/zfs/zfs_vfsops.c
+++ b/module/zfs/zfs_vfsops.c
@@ -1231,7 +1231,7 @@ zfs_preumount(struct super_block *sb)
{
zfs_sb_t *zsb = sb->s_fs_info;
- if (zsb->z_ctldir != NULL)
+ if (zsb != NULL && zsb->z_ctldir != NULL)
zfsctl_destroy(zsb);
}
EXPORT_SYMBOL(zfs_preumount);
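Review bot: The added `zsb != NULL` test in zfs_preumount carries no comment saying when `sb->s_fs_info` can be NULL, so a later cleanup could remove it as redundant and reintroduce the kernel oops. I would put `/* s_fs_info is NULL if zfs_domount() failed; zpl_kill_sb() still calls us */` directly above the condition. The guard only helps if the failed-mount path leaves `s_fs_info` NULL rather than pointing at an already freed `zfs_sb_t`; that path is not visible here, so it is worth confirming that zfs_domount clears the pointer on every error exit. The function's signature sits just above the hunk and appears only in the `@@` header.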