1 ext4: fix mmp use after free during unmount
3 From: Eric Sandeen <sandeen@redhat.com>
5 In ext4_put_super, we call brelse on the buffer head containing
6 the ext4 superblock, but then try to use it when we stop the
7 mmp thread, because when the thread shuts down it does:
11 ext4_has_metadata_csum
12 WARN_ON_ONCE(ext4_has_feature_metadata_csum(sb)...)
14 which reaches into sb->s_fs_info->s_es->s_feature_ro_compat,
15 which lives in the superblock buffer s_sbh which we just released.
17 Fix this by moving the brelse down to a point where we are no
20 Reported-by: Wang Shu <shuwang@redhat.com>
21 Signed-off-by: Eric Sandeen <sandeen@redhat.com>
22 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
23 Reviewed-by: Andreas Dilger <adilger@dilger.ca>
25 fs/ext4/super.c | 2 +-
26 1 file changed, 1 insertion(+), 1 deletion(-)
28 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
29 index bb3a8edc75db..a526956e49e7 100644
32 @@ -863,7 +863,6 @@ static void ext4_put_super(struct super_block *sb)
33 percpu_counter_destroy(&sbi->s_dirs_counter);
34 percpu_counter_destroy(&sbi->s_dirtyclusters_counter);
35 percpu_free_rwsem(&sbi->s_journal_flag_rwsem);
38 for (i = 0; i < EXT4_MAXQUOTAS; i++)
39 kfree(sbi->s_qf_names[i]);
40 @@ -895,6 +894,7 @@ static void ext4_put_super(struct super_block *sb)
43 kthread_stop(sbi->s_mmp_tsk);
47 * Now that we are completely done shutting down the