NULL pointer dereference in print_daily_error_info

From: Sergey Senozhatsky
Date: Tue Sep 14 2010 - 08:50:57 EST

Next message: Maurus Cuelenaere: "Re: [PATCH] USB device driver of Topcliff PCH"
Previous message: Chris Ball: "Re: [patch 21/30] mmc: Convert "mutex" to semaphore"
Next in thread: Ted Ts'o: "Re: NULL pointer dereference in print_daily_error_info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

This patch fixes NULL pointer dereference in print_daily_error_info, when
called
on unmounted fs (EXT4_SB(sb) returns NULL). Deleting error reporting timer
in
ext4_put_super fixes oops.

IRQ:
run_timer_softirq
?run_timer_softirq
print_daily_error_info
?__do_softirq
__do_softirq
call_softirq
do_softirq
irq_exit
smp_apic_timer_interrupt
apic_timer_interrupt
EOI
intel_idle
intel_idle
...

By the way, isn't print_daily_error_info racy? Is it safe to call
print_daily_error_info
(by timer event (softirq)) when we'are remounting fs, etc.?

Please kindly review.

---

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 2614774..751997d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -719,6 +719,7 @@ static void ext4_put_super(struct super_block *sb)
ext4_abort(sb, "Couldn't clean up the journal");
}

+ del_timer(&sbi->s_err_report);
ext4_release_system_zone(sb);
ext4_mb_release(sb);
ext4_ext_release(sb);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Maurus Cuelenaere: "Re: [PATCH] USB device driver of Topcliff PCH"
Previous message: Chris Ball: "Re: [patch 21/30] mmc: Convert "mutex" to semaphore"
Next in thread: Ted Ts'o: "Re: NULL pointer dereference in print_daily_error_info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]