
TAKE 985757 - Fix use-after-free with buffers

To: sgi.bugs.xfs@xxxxxxxxxxxx, xfs@xxxxxxxxxxx
Subject: TAKE 985757 - Fix use-after-free with buffers
From: lachlan@xxxxxxx (Lachlan McIlroy)
Date: Wed, 3 Sep 2008 14:00:38 +1000 (EST)
Fix use-after-free with buffers

We have a use-after-free issue where log completions access buffers via the
buffer log item and the buffer has already been freed.  Fix this by taking
a reference on the buffer when attaching the buffer log item and release
the hold when the buffer log item is detached and we no longer need the
buffer.  Also create a new function xfs_buf_item_free() to combine some
common code and move an ASSERT in xfs_buf_rele() so that we can catch more
cases.

Date:  Wed Sep  3 13:59:35 AEST 2008
Workarea:  redback.melbourne.sgi.com:/home/lachlan/isms/2.6.x-tot
Inspected by:  hch
Author:  lachlan

The following file(s) were checked into:
  longdrop.melbourne.sgi.com:/isms/linux/2.6.x-xfs-melb


Modid:  xfs-linux-melb:xfs-kern:32025a
fs/xfs/xfs_buf_item.c - 1.169 - changed
http://oss.sgi.com/cgi-bin/cvsweb.cgi/xfs-linux/xfs_buf_item.c.diff?r1=text&tr1=1.169&r2=text&tr2=1.168&f=h
        - Fix use-after-free with buffers
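
The hold-on-attach, release-on-detach pattern described in the message above, as an added user-space sketch; it is not code from the XFS change. Every name in it (buf_get, buf_hold, buf_rele, item_attach, item_free, log_completion, scenario) is hypothetical.

```c
#include <assert.h>
#include <stdlib.h>

/* Toy model only: hypothetical names, not the XFS structures or functions. */
struct buf;
struct log_item { struct buf *bp; };   /* back-pointer used by log completion */
struct buf { int hold; int data; struct log_item *item; };

static int live_bufs;                  /* buffers allocated and not yet freed */

static struct buf *buf_get(int data) {
    struct buf *bp = calloc(1, sizeof(*bp));
    if (!bp) abort();
    bp->hold = 1;                      /* the caller's reference */
    bp->data = data;
    live_bufs++;
    return bp;
}
static void buf_hold(struct buf *bp) { bp->hold++; }
static void buf_rele(struct buf *bp) {
    assert(bp->hold > 0);              /* check before the count is touched */
    if (--bp->hold == 0) { live_bufs--; free(bp); }
}
static struct log_item *item_attach(struct buf *bp) {
    struct log_item *lip = calloc(1, sizeof(*lip));
    if (!lip) abort();
    buf_hold(bp);                      /* the item owns a reference of its own */
    lip->bp = bp;
    bp->item = lip;
    return lip;
}
static void item_free(struct log_item *lip) {
    struct buf *bp = lip->bp;
    bp->item = NULL;                   /* detach first */
    free(lip);
    buf_rele(bp);                      /* then drop the item's hold */
}
static int log_completion(struct log_item *lip) { return lip->bp->data; }

/* The original holder releases the buffer before log completion runs. */
static int scenario(int *live_mid) {
    struct buf *bp = buf_get(42);
    struct log_item *lip = item_attach(bp);
    buf_rele(bp);                      /* without the item's hold: freed here */
    *live_mid = live_bufs;             /* still 1, the item keeps it alive */
    int seen = log_completion(lip);    /* safe access through the item */
    item_free(lip);                    /* last reference gone, buffer freed */
    return seen;
}

int main(void) { int mid; return scenario(&mid) == 42 ? 0 : 1; }
```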


