GFS2: Fix use-after-free bug on umount (try #2)

This should solve the issue with the previous attempt at fixing this. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
git-mirror · Jan 5, 2009 · 88a19ad · 88a19ad
1 parent fefc03b
commit 88a19ad
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
@@ -1263,17 +1263,21 @@ static int gfs2_get_sb_meta(struct file_system_type *fs_type, int flags,
 static void gfs2_kill_sb(struct super_block *sb)
 {
 	struct gfs2_sbd *sdp = sb->s_fs_info;
-	if (sdp) {
-		gfs2_meta_syncfs(sdp);
-		dput(sdp->sd_root_dir);
-		dput(sdp->sd_master_dir);
-		sdp->sd_root_dir = NULL;
-		sdp->sd_master_dir = NULL;
+
+	if (sdp == NULL) {
+		kill_block_super(sb);
+		return;
 	}
+
+	gfs2_meta_syncfs(sdp);
+	dput(sdp->sd_root_dir);
+	dput(sdp->sd_master_dir);
+	sdp->sd_root_dir = NULL;
+	sdp->sd_master_dir = NULL;
 	shrink_dcache_sb(sb);
 	kill_block_super(sb);
-	if (sdp)
-		gfs2_delete_debugfs_file(sdp);
+	gfs2_delete_debugfs_file(sdp);
+	kfree(sdp);
 }
 
 struct file_system_type gfs2_fs_type = {

diff --git a/fs/gfs2/ops_super.c b/fs/gfs2/ops_super.c
@@ -182,7 +182,6 @@ static void gfs2_put_super(struct super_block *sb)
 
 	/*  At this point, we're through participating in the lockspace  */
 	gfs2_sys_fs_del(sdp);
-	kfree(sdp);
 }
 
 /**
-Original file line number
+Diff line change
@@ Expand Up / @@ -182,7 +182,6 @@ static void gfs2_put_super(struct super_block *sb) @@
     	/*  At this point, we're through participating in the lockspace  */
     	gfs2_sys_fs_del(sdp);
-    	kfree(sdp);
     }
     /**
@@ Expand Down @@