TAKE 985757 - Fix use-after-free with buffers

To: sgi.bugs.xfs@xxxxxxxxxxxx, xfs@xxxxxxxxxxx
Subject: TAKE 985757 - Fix use-after-free with buffers
From: lachlan@xxxxxxx (Lachlan McIlroy)
Date: Wed, 3 Sep 2008 14:00:38 +1000 (EST)
Fix use-after-free with buffers

We have a use-after-free issue where log completions access buffers via the
buffer log item and the buffer has already been freed.  Fix this by taking
a reference on the buffer when attaching the buffer log item and release
the hold when the buffer log item is detached and we no longer need the
buffer.  Also create a new function xfs_buf_item_free() to combine some
common code and move an ASSERT in xfs_buf_rele() so that we can catch more

Date:  Wed Sep  3 13:59:35 AEST 2008
Workarea:  redback.melbourne.sgi.com:/home/lachlan/isms/2.6.x-tot
Inspected by:  hch
Author:  lachlan

The following file(s) were checked into:

Modid:  xfs-linux-melb:xfs-kern:32025a
fs/xfs/xfs_buf_item.c - 1.169 - changed
        - Fix use-after-free with buffers
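The reference-holding pattern the check-in message describes, as an added example. This is a toy model and not the XFS patch or XFS code: struct buf, struct log_item, buf_get(), buf_hold(), buf_rele(), item_attach(), item_complete(), item_free() and demo() are all hypothetical names.

```c
#include <assert.h>
#include <stdlib.h>

/* Toy model only; every name here is hypothetical, none is XFS code. */
struct buf { int refcount; int data; };
struct log_item { struct buf *bp; };
static int live_bufs;                 /* buffers allocated and not yet freed */

static struct buf *buf_get(int data)
{
    struct buf *bp = calloc(1, sizeof(*bp));
    if (!bp) abort();
    bp->refcount = 1;                 /* the caller's reference */
    bp->data = data;
    live_bufs++;
    return bp;
}
static void buf_hold(struct buf *bp) { assert(bp->refcount > 0); bp->refcount++; }
static void buf_rele(struct buf *bp)
{
    assert(bp->refcount > 0);         /* trips on an unbalanced release */
    if (--bp->refcount > 0) return;
    live_bufs--;
    free(bp);
}
/* Attaching the item takes the item's own reference on the buffer. */
static struct log_item *item_attach(struct buf *bp)
{
    struct log_item *ip = calloc(1, sizeof(*ip));
    if (!ip) abort();
    buf_hold(bp);
    ip->bp = bp;
    return ip;
}
/* Stand-in for a log completion that reaches the buffer through the item. */
static int item_complete(struct log_item *ip) { return ip->bp->data; }
/* Detaching frees the item and only then drops the item's reference. */
static void item_free(struct log_item *ip)
{
    struct buf *bp = ip->bp;
    free(ip);
    buf_rele(bp);
}
/* Returns 0 if the completion ran on a live buffer that was freed once. */
int demo(int data)
{
    struct buf *bp = buf_get(data);
    struct log_item *ip = item_attach(bp);
    int held = bp->refcount;          /* caller + log item */
    buf_rele(bp);                     /* caller is done; the item's hold keeps bp */
    int alive = live_bufs;
    int seen = item_complete(ip);     /* safe: bp has not been freed */
    item_free(ip);                    /* last reference dropped, bp freed here */
    return (held == 2 && alive == 1 && seen == data && live_bufs == 0) ? 0 : 1;
}
int main(void) { return demo(42); }
```

If item_attach() did not call buf_hold(), the caller's buf_rele() would free the buffer and item_complete() would read freed memory.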
