Fix use after free in get_tree_bdev()
Commit6fcf0c72e4
, a fix to get_tree_bdev() put a missing blkdev_put() in the wrong place, before a warnf() that displays the bdev under consideration rather after it. This results in a silent lockup in printk("%pg") called via warnf() from get_tree_bdev() under some circumstances when there's a race with the blockdev being frozen. This can be caused by xfstests/tests/generic/085 in combination with Lukas Czerner's ext4 mount API conversion patchset. It looks like it ought to occur with other users of get_tree_bdev() such as XFS, but apparently doesn't. Fix this by switching the order of the lines. Fixes:6fcf0c72e4
("vfs: add missing blkdev_put() in get_tree_bdev()") Reported-by: Lukas Czerner <lczerner@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> cc: Ian Kent <raven@themaw.net> cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
edb98d1624
commit
dd7bc8158b
|
@ -1302,8 +1302,8 @@ int get_tree_bdev(struct fs_context *fc,
|
|||
mutex_lock(&bdev->bd_fsfreeze_mutex);
|
||||
if (bdev->bd_fsfreeze_count > 0) {
|
||||
mutex_unlock(&bdev->bd_fsfreeze_mutex);
|
||||
blkdev_put(bdev, mode);
|
||||
warnf(fc, "%pg: Can't mount, blockdev is frozen", bdev);
|
||||
blkdev_put(bdev, mode);
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue