Revision - 1357272 - Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing

Revision 1357272fc7deeebb7b3c5d1a071562edc273cdaf authored by Ilya Dryomov on 02 October 2013, 17:41:01 UTC, committed by Josef Bacik on 04 October 2013, 20:02:14 UTC

Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing

free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev,
can be processed before btrfs_scratch_superblock is called, which would
result in a use-after-free on btrfs_device contents.  Fix this by
zeroing the superblock before the rcu callback is registered.

Cc: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>

1 parent 964fb15

Files
Changes

Permalinks

File	Mode	Size
tg3.bin.ihex	-rw-r--r--	7.5 KB
tg3_tso.bin.ihex	-rw-r--r--	19.1 KB
tg3_tso5.bin.ihex	-rw-r--r--	10.8 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...