Fixed a NULL pointer dereference bug in zfs_preumount
When zpl_fill_super -> zfs_domount fails (e.g. because the dataset
was destroyed before it could be successfully mounted) the subsequent
call to zpl_kill_sb -> zfs_preumount would dereference a NULL pointer.

This bug can be reproduced using this shell script:

 #!/bin/sh
 (
 while true; do
 	zfs create -o mountpoint=legacy tank/bar
 	zfs destroy tank/bar
 done
 ) &

 (
 while true; do
 	mount -t zfs tank/bar /mnt
 	umount /mnt
 done
 ) &

Signed-off-by: Brian Behlendorf <[email protected]>
Closes #639
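The sequence the commit message describes (zpl_fill_super -> zfs_domount fails, then zpl_kill_sb -> zfs_preumount runs anyway) can be modelled outside the kernel. The following is an added example written for this page, not code from the ZFS on Linux repository: the struct and function names mirror the ones in the commit, but every body is a constructed stand-in (a global `dataset_exists` flag plays the part of the racing `zfs destroy`, and the ctldir "destroy" is just a flag). It places the pre-patch and post-patch shapes of zfs_preumount side by side and drives both through the failed-mount path.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model of the objects involved in the crash described in the
 * commit message. Field names follow the kernel/ZFS ones; the bodies are
 * constructed for this example and are not the real implementations. */
struct zfs_ctldir { int destroyed; };
typedef struct zfs_sb { struct zfs_ctldir *z_ctldir; } zfs_sb_t;
struct super_block { void *s_fs_info; };

/* Stand-in for the dataset namespace: the concurrent "zfs destroy" in the
 * reproducer corresponds to this being 0 when the mount reaches domount. */
static int dataset_exists = 1;

/* Model of zfs_domount: s_fs_info is populated only when the mount succeeds.
 * On failure (dataset gone) it returns an error and leaves s_fs_info NULL,
 * which is exactly the state zpl_kill_sb later sees. */
static int zfs_domount(struct super_block *sb)
{
    zfs_sb_t *zsb;

    if (!dataset_exists)
        return -ENOENT;
    zsb = calloc(1, sizeof(*zsb));
    if (zsb == NULL)
        return -ENOMEM;
    zsb->z_ctldir = calloc(1, sizeof(*zsb->z_ctldir));
    if (zsb->z_ctldir == NULL) {
        free(zsb);
        return -ENOMEM;
    }
    sb->s_fs_info = zsb;
    return 0;
}

/* Pre-patch shape: dereferences zsb unconditionally, so a super_block whose
 * fill_super failed (s_fs_info == NULL) faults on the first field access. */
static int zfs_preumount_unchecked(struct super_block *sb)
{
    zfs_sb_t *zsb = sb->s_fs_info;

    if (zsb->z_ctldir != NULL) {      /* NULL pointer dereference when zsb == NULL */
        zsb->z_ctldir->destroyed = 1;
        return 1;
    }
    return 0;
}

/* Post-patch shape from commit 1f0d8a5: tolerate a super_block that never
 * finished mounting. Returns 1 if a ctldir was torn down, 0 if nothing to do. */
static int zfs_preumount_checked(struct super_block *sb)
{
    zfs_sb_t *zsb = sb->s_fs_info;

    if (zsb != NULL && zsb->z_ctldir != NULL) {
        zsb->z_ctldir->destroyed = 1;
        return 1;
    }
    return 0;
}

/* Model of the VFS ordering in the commit message: fill_super calls domount,
 * and kill_sb calls preumount whether or not fill_super succeeded. Returns the
 * preumount result, or -1 where the unchecked variant would have dereferenced
 * NULL (the model refuses to actually fault so it can be run as a test). */
static int mount_then_kill_sb(int exists, int use_checked)
{
    struct super_block sb = { .s_fs_info = NULL };
    int rc;

    dataset_exists = exists;
    (void)zfs_domount(&sb);                        /* zpl_fill_super; may fail */

    if (!use_checked && sb.s_fs_info == NULL)
        return -1;                                 /* unchecked path would crash here */

    rc = use_checked ? zfs_preumount_checked(&sb)  /* zpl_kill_sb -> zfs_preumount */
                     : zfs_preumount_unchecked(&sb);

    if (sb.s_fs_info != NULL) {                    /* rest of kill_sb teardown */
        free(((zfs_sb_t *)sb.s_fs_info)->z_ctldir);
        free(sb.s_fs_info);
    }
    return rc;
}

int main(void)
{
    printf("mount ok,     patched preumount:   %d\n", mount_then_kill_sb(1, 1));
    printf("mount failed, patched preumount:   %d\n", mount_then_kill_sb(0, 1));
    printf("mount failed, unpatched preumount: %d (would dereference NULL)\n",
           mount_then_kill_sb(0, 0));
    return 0;
}
```

The point the model makes explicit is the invariant the one-line fix depends on: zfs_domount must leave s_fs_info NULL on every failure path, because kill_sb cannot tell a failed mount from a successful one by any other means.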
gunnarbeutner authored and behlendorf committed Apr 5, 2012
1 parent 2ce9d0e commit 1f0d8a5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion module/zfs/zfs_vfsops.c
@@ -1231,7 +1231,7 @@ zfs_preumount(struct super_block *sb)
{
zfs_sb_t *zsb = sb->s_fs_info;

if (zsb->z_ctldir != NULL)
if (zsb != NULL && zsb->z_ctldir != NULL)
zfsctl_destroy(zsb);
}
EXPORT_SYMBOL(zfs_preumount);
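Review bot: the new guard `if (zsb != NULL && zsb->z_ctldir != NULL)` only holds if zfs_domount leaves sb->s_fs_info NULL on every failure path rather than a partially initialised zfs_sb_t; that assumption is not visible in this hunk and deserves a one-line comment above the check ("zsb is NULL when zfs_domount failed in zpl_fill_super"), otherwise a later reader will take it for a redundant defensive test and may remove it. It would also be worth considering whether zpl_kill_sb should skip zfs_preumount entirely when s_fs_info is NULL, so the failed-mount case is handled once at the VFS boundary instead of in each teardown helper that reads s_fs_info.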
