From: Mingming Cao <cmm@us.ibm.com>

Handle null inode->i_sb in the inode teardown paths.

- In lots of places, like generic_forget_inode(), destroy_inode() is
  called after clear_inode() is called.  It is possible that the filesystem's
  clear_inode() method could clear the sb pointer.

- clear_inode() checks whether inode->i_sb is a NULL pointer.
  Probably we should do this consistently.

- iput() needs an sb NULL pointer check too.  diReadSpecial() in
  jfs/jfs_imap.c clears the sb pointer before it calls iput().  An oops could
  happen, although this might be a rare case.



 fs/inode.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff -puN fs/inode.c~inode-i_sb-checks fs/inode.c
--- 25/fs/inode.c~inode-i_sb-checks	2003-12-17 23:25:42.000000000 -0800
+++ 25-akpm/fs/inode.c	2003-12-17 23:25:42.000000000 -0800
@@ -160,7 +160,7 @@ void destroy_inode(struct inode *inode) 
 	if (inode_has_buffers(inode))
 		BUG();
 	security_inode_free(inode);
-	if (inode->i_sb->s_op->destroy_inode)
+	if (inode->i_sb && inode->i_sb->s_op->destroy_inode)
 		inode->i_sb->s_op->destroy_inode(inode);
 	else
 		kmem_cache_free(inode_cachep, (inode));
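Review bot: When `inode->i_sb` is NULL, the new condition falls through to `kmem_cache_free(inode_cachep, (inode))`, which is only correct for an inode that was allocated from `inode_cachep`. The allocation path is outside this hunk, but if a filesystem supplies its own inode allocator (as the existence of a per-filesystem `destroy_inode` method suggests), such an inode would be handed to the wrong slab cache, replacing a NULL dereference with heap corruption. It would be safer to treat a NULL `i_sb` here as a reported leak, for example `if (!inode->i_sb) { WARN_ON(1); return; }` ahead of the `if`, and keep the existing `else` for the case where `i_sb` is set. The test also still dereferences `inode->i_sb->s_op` unchecked, whereas the `iput()` hunk tests `sb->s_op` first; the two should agree. The body of destroy_inode() starts and ends outside the hunk.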
@@ -1086,13 +1086,13 @@ static inline void iput_final(struct ino
 void iput(struct inode *inode)
 {
 	if (inode) {
-		struct super_operations *op = inode->i_sb->s_op;
-
+		struct super_block *sb = inode->i_sb;
+
 		if (inode->i_state == I_CLEAR)
 			BUG();
 
-		if (op && op->put_inode)
-			op->put_inode(inode);
+		if (sb && sb->s_op && sb->s_op->put_inode)
+			sb->s_op->put_inode(inode);
 
 		if (atomic_dec_and_lock(&inode->i_count, &inode_lock))
 			iput_final(inode);
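Review bot: The new `sb && sb->s_op` guard protects only the `put_inode` call, and the last-reference path still goes straight into `iput_final(inode)` with the same inode. The body of `iput_final()` is not in this hunk, but if it (or the drop/forget helpers it calls) reads `inode->i_sb->s_op` or `sb->s_flags`, the jfs case named in the description would still oops there, so those paths need the same NULL check for the fix to be complete. A comment above the declaration, such as `/* i_sb may be NULL: some filesystems clear it before the final iput() */`, would also record why `sb` is tested at all. The closing braces of iput() are outside the hunk.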

_