[PATCH] xfs: fix buffer use after free on IO error
Christoph Hellwig
hch at infradead.org
Tue Mar 25 12:44:17 CDT 2014
On Tue, Mar 25, 2014 at 10:39:31AM -0700, Eric Sandeen wrote:
> so only _xfs_buf_ioend *might* pass something other than 0, and:
>
> File Function Line
> 0 xfs_buf.c xfs_buf_bio_end_io 1197 _xfs_buf_ioend(bp, 1);
> 1 xfs_buf.c xfs_buf_iorequest 1377 _xfs_buf_ioend(bp, bp->b_error ? 0 : 1);
>
> At least up until now that was always called with "1"

Right, _was_. But that changes to one always passing 1, and one passing
0 or one with your patch. Or one passing always 1 and one always
passing 0 with the suggestion from Brian and me. Either way we'd still
have versions passing 1.