Revision 1357272fc7deeebb7b3c5d1a071562edc273cdaf authored by Ilya Dryomov on 02 October 2013, 17:41:01 UTC, committed by Josef Bacik on 04 October 2013, 20:02:14 UTC
free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev, can be processed before btrfs_scratch_superblock is called, which would result in a use-after-free on btrfs_device contents. Fix this by zeroing the superblock before the rcu callback is registered. Cc: Stefan Behrens <sbehrens@giantdisaster.de> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com>
1 parent 964fb15
| File | Mode | Size |
|---|---|---|
| partitions | ||
| Kconfig | -rw-r--r-- | 3.2 KB |
| Kconfig.iosched | -rw-r--r-- | 1.6 KB |
| Makefile | -rw-r--r-- | 720 bytes |
| blk-cgroup.c | -rw-r--r-- | 28.8 KB |
| blk-cgroup.h | -rw-r--r-- | 16.6 KB |
| blk-core.c | -rw-r--r-- | 86.3 KB |
| blk-exec.c | -rw-r--r-- | 3.3 KB |
| blk-flush.c | -rw-r--r-- | 13.1 KB |
| blk-integrity.c | -rw-r--r-- | 11.6 KB |
| blk-ioc.c | -rw-r--r-- | 10.2 KB |
| blk-iopoll.c | -rw-r--r-- | 5.9 KB |
| blk-lib.c | -rw-r--r-- | 7.1 KB |
| blk-map.c | -rw-r--r-- | 8.2 KB |
| blk-merge.c | -rw-r--r-- | 12.7 KB |
| blk-settings.c | -rw-r--r-- | 26.3 KB |
| blk-softirq.c | -rw-r--r-- | 4.5 KB |
| blk-sysfs.c | -rw-r--r-- | 15.8 KB |
| blk-tag.c | -rw-r--r-- | 9.8 KB |
| blk-throttle.c | -rw-r--r-- | 45.8 KB |
| blk-timeout.c | -rw-r--r-- | 4.8 KB |
| blk.h | -rw-r--r-- | 7.1 KB |
| bsg-lib.c | -rw-r--r-- | 6.0 KB |
| bsg.c | -rw-r--r-- | 23.6 KB |
| cfq-iosched.c | -rw-r--r-- | 119.6 KB |
| compat_ioctl.c | -rw-r--r-- | 20.8 KB |
| deadline-iosched.c | -rw-r--r-- | 11.3 KB |
| elevator.c | -rw-r--r-- | 23.7 KB |
| genhd.c | -rw-r--r-- | 44.2 KB |
| ioctl.c | -rw-r--r-- | 10.7 KB |
| noop-iosched.c | -rw-r--r-- | 2.7 KB |
| partition-generic.c | -rw-r--r-- | 14.0 KB |
| scsi_ioctl.c | -rw-r--r-- | 19.6 KB |
Computing file changes ...
