xfs: fix a use after free in xfs_end_io_direct_write
Alex Elder
aelder at sgi.com
Wed Sep 14 07:36:16 CDT 2011
On Tue, 2011-09-13 at 18:26 -0400, Christoph Hellwig wrote:
> There is a window in which the ioend that we call inode_dio_wake on
> in xfs_end_io_direct_write is already free. Fix this by storing
> the inode pointer in a local variable.
>
> This is a fix for the regression introduced in 3.1-rc by
> "fs: move inode_dio_done to the end_io handler".
>
> Signed-off-by: Christoph Hellwig <hch at lst.de>
Looks good.
Reviewed-by: Alex Elder <aelder at sgi.com>
More information about the xfs
mailing list