It's possible to freeze a bdev which is not mounted. In this case freeze_bdev() only increments bd_fsfrozen_count in order to prevent the bdev from being mounted and does nothing else. A second freeze attempt on the same device is supposed to increment bd_fsfrozen_count again, but it results in NULL ptr dereference, because freeze_bdev() doesn't check the return value of get_super(). Fix that.
Signed-off-by: Vladimir Davydov <[email protected]> --- fs/block_dev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/block_dev.c b/fs/block_dev.c index 4575c62d8b0b..325ee7161fbf 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -227,7 +227,8 @@ struct super_block *freeze_bdev(struct block_device *bdev) * thaw_bdev drops it. */ sb = get_super(bdev); - drop_super(sb); + if (sb) + drop_super(sb); mutex_unlock(&bdev->bd_fsfreeze_mutex); return sb; } -- 2.1.4 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
