ocfs2: fix NULL pointer dereference in function ocfs2_abort_trigger()
authorXue jiufei <xuejiufei@huawei.com>
Wed, 24 Jun 2015 23:55:20 +0000 (16:55 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 25 Jun 2015 00:49:39 +0000 (17:49 -0700)
ocfs2_abort_trigger() use bh->b_assoc_map to get sb.  But there's no
function to set bh->b_assoc_map in ocfs2, it will trigger NULL pointer
dereference while calling this function.  We can get sb from
bh->b_bdev->bd_super instead of b_assoc_map.

[akpm@linux-foundation.org: update comment, per Joseph]
Signed-off-by: joyce.xue <xuejiufei@huawei.com>
Cc: Joseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/ocfs2/journal.c

index 72db49c..69333be 100644 (file)
@@ -571,9 +571,7 @@ static void ocfs2_abort_trigger(struct jbd2_buffer_trigger_type *triggers,
             (unsigned long)bh,
             (unsigned long long)bh->b_blocknr);
 
-       /* We aren't guaranteed to have the superblock here - but if we
-        * don't, it'll just crash. */
-       ocfs2_error(bh->b_assoc_map->host->i_sb,
+       ocfs2_error(bh->b_bdev->bd_super,
                    "JBD2 has aborted our journal, ocfs2 cannot continue\n");
 }