You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.2 KiB
38 lines
1.2 KiB
From: Xiaotian Feng <dfeng@redhat.com>
|
|
Subject: fix null pointer deref in swap_entry_free
|
|
Patch-mainline: Not yet
|
|
|
|
Commit b3a27d uses p->bdev->bd_disk, this will lead a null pointer
|
|
deref with swap over nfs.
|
|
|
|
Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
|
|
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
|
|
--
|
|
Index: linux-2.6.35-master/mm/swapfile.c
|
|
===================================================================
|
|
--- linux-2.6.35-master.orig/mm/swapfile.c
|
|
+++ linux-2.6.35-master/mm/swapfile.c
|
|
@@ -574,7 +574,6 @@ static unsigned char swap_entry_free(str
|
|
|
|
/* free if no reference */
|
|
if (!usage) {
|
|
- struct gendisk *disk = p->bdev->bd_disk;
|
|
if (offset < p->lowest_bit)
|
|
p->lowest_bit = offset;
|
|
if (offset > p->highest_bit)
|
|
@@ -584,9 +583,11 @@ static unsigned char swap_entry_free(str
|
|
swap_list.next = p->type;
|
|
nr_swap_pages++;
|
|
p->inuse_pages--;
|
|
- if ((p->flags & SWP_BLKDEV) &&
|
|
- disk->fops->swap_slot_free_notify)
|
|
- disk->fops->swap_slot_free_notify(p->bdev, offset);
|
|
+ if (p->flags & SWP_BLKDEV) {
|
|
+ struct gendisk *disk = p->bdev->bd_disk;
|
|
+ if (disk->fops->swap_slot_free_notify)
|
|
+ disk->fops->swap_slot_free_notify(p->bdev, offset);
|
|
+ }
|
|
}
|
|
|
|
return usage;
|