    [XFS] fix NULL pointer dereference in xfs_log_force_umount · bac8dca9
    Christoph Hellwig authored
    xfs_log_force_umount may be called very early during log recovery where
    
    If we fail a buffer read in xlog_recover_do_inode_trans we abort the mount.
    But at that point log recovery has started delayed writeback of inode
    buffers. As part of the aborted mount we try to flush out all delwri
    buffers, but at that point we have already freed the superblock, and set
    mp->m_sb_bp to NULL, and xfs_log_force_umount which gets called after
    the inode buffer writeback trips over it.
    
    Make xfs_log_force_umount a little more careful when accessing mp->m_sb_bp
    to avoid this.
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Reviewed-by: Eric Sandeen <sandeen@sandeen.net>
    Signed-off-by: Niv Sardi <xaiki@sgi.com>
xfs_log.c 106 KB