[lvc-project] [PATCH] gfs2: Fix NULL pointer dereference in gfs2_log_flush
Nikolai Kuznetsov
niku.csmsu at yandex.ru
Mon Apr 6 10:40:57 MSK 2026
In gfs2_log_flush(), the pointer sdp->sd_jdesc is dereferenced without
a prior check. During mount or umount, sd_jdesc may remain NULL while
the log flush operation is triggered.

Prevent the crash by adding a gfs2_assert_withdraw() that verifies
sd_jdesc is not NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Nikolai Kuznetsov <niku.csmsu at yandex.ru>
---
fs/gfs2/log.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/gfs2/log.c b/fs/gfs2/log.c
index 347df29d610e..53bf9f68a842 100644
--- a/fs/gfs2/log.c
+++ b/fs/gfs2/log.c
@@ -1036,6 +1036,8 @@ void gfs2_log_flush(struct gfs2_sbd *sdp, struct gfs2_glock *gl, u32 flags)
down_write(&sdp->sd_log_flush_lock);
trace_gfs2_log_flush(sdp, 1, flags);
+ gfs2_assert_withdraw(sdp, sdp->sd_jdesc != NULL);
+
repeat:
/*
* Do this check while holding the log_flush_lock to prevent new
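Review bot: the result of gfs2_assert_withdraw() on the added line is discarded, so when sd_jdesc is NULL the filesystem is withdrawn but gfs2_log_flush() still continues into the code that dereferences sd_jdesc, and the crash the commit message describes is not actually prevented. The macro evaluates to true when the assertion fails, so the call should be wrapped, e.g. `if (gfs2_assert_withdraw(sdp, sdp->sd_jdesc != NULL)) { up_write(&sdp->sd_log_flush_lock); return; }`, so that the sd_log_flush_lock taken just above is released before bailing out. It would also help to state in the commit message exactly which mount/umount ordering leaves sd_jdesc NULL while a flush can be triggered, since a bare assertion papers over the race rather than fixing it.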
--
2.43.0