[LogFS] Prevent mempool_destroy NULL pointer dereference
Joern Engel [Thu, 15 Apr 2010 06:03:57 +0000 (08:03 +0200)]
It would probably be better to just accept NULL pointers in
mempool_destroy().  But for the current -rc series let's keep things
simple.

This patch was lost in the cracks for a while.
Kevin Cernekee <cernekee@gmail.com> had to rediscover the problem and
send a similar patch because of it. :(

Signed-off-by: Joern Engel <joern@logfs.org>

fs/logfs/logfs.h
fs/logfs/readwrite.c
fs/logfs/segment.c
fs/logfs/super.c

index c9929ee..0a3df1a 100644 (file)
@@ -727,4 +727,10 @@ static inline struct logfs_area *get_area(struct super_block *sb,
        return logfs_super(sb)->s_area[(__force u8)gc_level];
 }
 
+static inline void logfs_mempool_destroy(mempool_t *pool)
+{
+       if (pool)
+               mempool_destroy(pool);
+}
+
 #endif
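Review bot: logfs_mempool_destroy() carries no comment saying why the wrapper exists; the reason is recorded only in the commit message. I would add above it `/* mempool_destroy() dereferences its argument; teardown can run with pools that were never created. */`. Because the helper receives the pointer by value, it cannot clear the caller's field. It therefore guards against a never-allocated pool only, not against a second destroy of the same pool.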
index 7e0c39c..aca6c56 100644 (file)
@@ -2243,8 +2243,6 @@ void logfs_cleanup_rw(struct super_block *sb)
        struct logfs_super *super = logfs_super(sb);
 
        destroy_meta_inode(super->s_segfile_inode);
-       if (super->s_block_pool)
-               mempool_destroy(super->s_block_pool);
-       if (super->s_shadow_pool)
-               mempool_destroy(super->s_shadow_pool);
+       logfs_mempool_destroy(super->s_block_pool);
+       logfs_mempool_destroy(super->s_shadow_pool);
 }
index 02db22e..8c82fe0 100644 (file)
@@ -912,7 +912,7 @@ err:
        for (i--; i >= 0; i--)
                free_area(super->s_area[i]);
        free_area(super->s_journal_area);
-       mempool_destroy(super->s_alias_pool);
+       logfs_mempool_destroy(super->s_alias_pool);
        return -ENOMEM;
 }
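Review bot: After `logfs_mempool_destroy(super->s_alias_pool);` in the `err:` path, `super->s_alias_pool` still holds the address of the destroyed pool, and the super.c hunk destroys the same field in logfs_kill_sb(). If logfs_kill_sb() can run after this function returns -ENOMEM (the mount-failure path is not visible here), the new NULL check does not help and the pool is destroyed a second time, which is a use-after-free. Adding `super->s_alias_pool = NULL;` directly after the destroy would make the guard effective on that path. The enclosing function begins outside the hunk, so how the label is reached cannot be checked from here.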
 
index d6e1f4f..d4531eb 100644 (file)
@@ -517,8 +517,8 @@ static void logfs_kill_sb(struct super_block *sb)
        if (super->s_erase_page)
                __free_page(super->s_erase_page);
        super->s_devops->put_device(sb);
-       mempool_destroy(super->s_btree_pool);
-       mempool_destroy(super->s_alias_pool);
+       logfs_mempool_destroy(super->s_btree_pool);
+       logfs_mempool_destroy(super->s_alias_pool);
        kfree(super);
        log_super("LogFS: Finished unmounting\n");
 }