Revision 1357272fc7deeebb7b3c5d1a071562edc273cdaf authored by Ilya Dryomov on 02 October 2013, 17:41:01 UTC, committed by Josef Bacik on 04 October 2013, 20:02:14 UTC
free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev, can be processed before btrfs_scratch_superblock is called, which would result in a use-after-free on btrfs_device contents. Fix this by zeroing the superblock before the rcu callback is registered. Cc: Stefan Behrens <sbehrens@giantdisaster.de> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Josef Bacik <jbacik@fusionio.com>
1 parent 964fb15
| File | Mode | Size |
|---|---|---|
| apparmor | ||
| integrity | ||
| keys | ||
| selinux | ||
| smack | ||
| tomoyo | ||
| yama | ||
| Kconfig | -rw-r--r-- | 5.7 KB |
| Makefile | -rw-r--r-- | 1.0 KB |
| capability.c | -rw-r--r-- | 24.3 KB |
| commoncap.c | -rw-r--r-- | 28.1 KB |
| device_cgroup.c | -rw-r--r-- | 18.1 KB |
| inode.c | -rw-r--r-- | 6.7 KB |
| lsm_audit.c | -rw-r--r-- | 9.3 KB |
| min_addr.c | -rw-r--r-- | 1.3 KB |
| security.c | -rw-r--r-- | 35.8 KB |
Computing file changes ...
