From: Abhijith Das <adas@redhat.com> Date: Wed, 4 Feb 2009 22:35:38 -0600 Subject: [gfs2] panic in debugfs_remove when unmounting Message-id: 498A6C9A.1070408@redhat.com O-Subject: [PATCH RHEL5.4][GFS2] bz483617 - reproducible panic in debugfs_remove when unmounting gfs2 filesystem Bugzilla: 483617 RH-Acked-by: Steven Whitehouse <swhiteho@redhat.com> RH-Acked-by: Bob Peterson <rpeterso@redhat.com> RH-Acked-by: Jeff Layton <jlayton@redhat.com> This is the RHEL5 version of an upstream patch that fixes the use-after-free bug 483617. All operations are now performed in the correct order during unmount. Signed-off-by: Abhi Das <adas@redhat.com> Signed-off-by: Steve Whitehouse <swhiteho@redhat.com> diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index 47a92bd..eaf887b 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1161,17 +1161,21 @@ static int gfs2_get_sb_meta(struct file_system_type *fs_type, int flags, static void gfs2_kill_sb(struct super_block *sb) { struct gfs2_sbd *sdp = sb->s_fs_info; - if (sdp) { - gfs2_meta_syncfs(sdp); - dput(sdp->sd_root_dir); - dput(sdp->sd_master_dir); - sdp->sd_root_dir = NULL; - sdp->sd_master_dir = NULL; + + if (sdp == NULL) { + kill_block_super(sb); + return; } + + gfs2_meta_syncfs(sdp); + dput(sdp->sd_root_dir); + dput(sdp->sd_master_dir); + sdp->sd_root_dir = NULL; + sdp->sd_master_dir = NULL; shrink_dcache_sb(sb); kill_block_super(sb); - if (sdp) - gfs2_delete_debugfs_file(sdp); + gfs2_delete_debugfs_file(sdp); + kfree(sdp); } struct file_system_type gfs2_fs_type = { diff --git a/fs/gfs2/ops_super.c b/fs/gfs2/ops_super.c index 32eff05..90ce859 100644 --- a/fs/gfs2/ops_super.c +++ b/fs/gfs2/ops_super.c @@ -186,7 +186,6 @@ static void gfs2_put_super(struct super_block *sb) /* At this point, we're through participating in the lockspace */ gfs2_sys_fs_del(sdp); - kfree(sdp); } /**
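Review bot: the tail of gfs2_kill_sb() in fs/gfs2/ops_fstype.c has no comment recording the order the fix depends on: kill_block_super(sb), then gfs2_delete_debugfs_file(sdp), then kfree(sdp). Please add a short comment above kfree(sdp) saying that sdp must stay allocated until the debugfs file has been removed and that gfs2_put_super() no longer frees it, so a later cleanup does not move the free back. Separately, sdp was read from sb->s_fs_info at the top of the function and nothing in the visible lines clears that field before the kfree. If anything can still read sb->s_fs_info after gfs2_kill_sb() returns, set it to NULL here.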
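Review bot: the end of gfs2_put_super() in fs/gfs2/ops_super.c, right after gfs2_sys_fs_del(sdp), needs a one-line comment saying that sdp is intentionally not freed here and is released by gfs2_kill_sb() in ops_fstype.c. The allocation's lifetime now spans two files, and the only kfree(sdp) visible in this patch is the one added to gfs2_kill_sb(). Please also confirm in the changelog that every path reaching gfs2_put_super() goes through gfs2_kill_sb() afterwards, since any path that does not would now leak sdp.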