Re: [PATCH] Fix use after free when closing log/rt devices

To:	Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject:	Re: [PATCH] Fix use after free when closing log/rt devices
From:	Lachlan McIlroy <lachlan@xxxxxxx>
Date:	Tue, 01 Jul 2008 16:21:29 +1000
Cc:	xfs-dev <xfs-dev@xxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx>
In-reply-to:	<20080627063219.GA25015@xxxxxxxxxxxxx>
References:	<48647746.5010007@xxxxxxx> <20080627063219.GA25015@xxxxxxxxxxxxx>
Reply-to:	lachlan@xxxxxxx
Sender:	xfs-bounce@xxxxxxxxxxx
User-agent:	Thunderbird 2.0.0.14 (X11/20080421)

Christoph Hellwig wrote:

On Fri, Jun 27, 2008 at 03:14:46PM +1000, Lachlan McIlroy wrote:

The call to xfs_free_buftarg() will free the memory used by it's argument
so we need to save the bdev to pass to xfs_blkdev_put()

Lachlan

--- fs/xfs/linux-2.6/xfs_super.c_1.432  2008-06-27 14:51:17.000000000 +1000
+++ fs/xfs/linux-2.6/xfs_super.c        2008-06-27 14:59:26.000000000 +1000
@@ -781,13 +781,17 @@ STATIC void
xfs_close_devices(
        struct xfs_mount        *mp)
{
+       struct block_device     *bdev;
+
        if (mp->m_logdev_targp && mp->m_logdev_targp != mp->m_ddev_targp) {
+               bdev = mp->m_logdev_targp->bt_bdev;
                xfs_free_buftarg(mp->m_logdev_targp);
-               xfs_blkdev_put(mp->m_logdev_targp->bt_bdev);
+               xfs_blkdev_put(bdev);
        }
        if (mp->m_rtdev_targp) {
+               bdev = mp->m_rtdev_targp->bt_bdev;
                xfs_free_buftarg(mp->m_rtdev_targp);
-               xfs_blkdev_put(mp->m_rtdev_targp->bt_bdev);
+               xfs_blkdev_put(bdev);
        }


Looks good, alhough two local variables inside the ifs might be cleaner:

        if (mp->m_logdev_targp && mp->m_logdev_targp != mp->m_ddev_targp) {
                struct block_device *logdev = mp->m_logdev_targp->bt_bdev;

                xfs_free_buftarg(mp->m_logdev_targp);
                xfs_blkdev_put(logdev);
        }

        ...


Thought someone might suggest that.  I'll make the changes, thanks.

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Fix use after free when closing log/rt devices, Lachlan McIlroy Re: [PATCH] Fix use after free when closing log/rt devices, Christoph Hellwig Re: [PATCH] Fix use after free when closing log/rt devices, Mark Goodwin Re: [PATCH] Fix use after free when closing log/rt devices, Christoph Hellwig Re: [PATCH] Fix use after free when closing log/rt devices, Lachlan McIlroy <=

Previous by Date:	TAKE 983924 - take back out again QUEUE_ORDERED_NONE test in check_barriers, Tim Shimmin
Next by Date:	Re: Xfs Access to block zero exception and system crash, Dave Chinner
Previous by Thread:	Re: [PATCH] Fix use after free when closing log/rt devices, Christoph Hellwig
Next by Thread:	[PATCH 0/6] Remove most users of semaphores from XFS V2., Dave Chinner
Indexes:	[Date] [Thread] [Top] [All Lists]