• Dave Chinner's avatar
    xfs: clear sb->s_fs_info on mount failure · c9fbd7bb
    Dave Chinner authored
    We recently had an oops reported on a 4.14 kernel in
    xfs_reclaim_inodes_count() where sb->s_fs_info pointed to garbage
    and so the m_perag_tree lookup walked into lala land.
    
    Essentially, the machine was under memory pressure when the mount
    was being run, xfs_fs_fill_super() failed after allocating the
    xfs_mount and attaching it to sb->s_fs_info. It then cleaned up and
    freed the xfs_mount, but the sb->s_fs_info field still pointed to
    the freed memory. Hence when the superblock shrinker then ran
    it fell off the bad pointer.
    
    With the superblock shrinker problem fixed at teh VFS level, this
    stale s_fs_info pointer is still a problem - we use it
    unconditionally in ->put_super when the superblock is being torn
    down, and hence we can still trip over it after a ->fill_super
    call failure. Hence we need to clear s_fs_info if
    xfs-fs_fill_super() fails, and we need to check if it's valid in
    the places it can potentially be dereferenced after a ->fill_super
    failure.
    Signed-Off-By: default avatarDave Chinner <dchinner@redhat.com>
    Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
    Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
    c9fbd7bb
xfs_super.c 56 KB