mirror of
https://github.com/joel16/android_kernel_sony_msm8994.git
synced 2024-11-25 05:00:39 +00:00
[XFS] Fix use-after-free during log unmount.
Don't reference the log buffer after running the callbacks as the callback can trigger the log buffers to be freed during unmount. SGI-PV: 964545 SGI-Modid: xfs-linux-melb:xfs-kern:28567a Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Tim Shimmin <tes@sgi.com>
This commit is contained in:
parent
40095b64f5
commit
3db296f341
@ -967,14 +967,16 @@ xlog_iodone(xfs_buf_t *bp)
|
||||
} else if (iclog->ic_state & XLOG_STATE_IOERROR) {
|
||||
aborted = XFS_LI_ABORTED;
|
||||
}
|
||||
|
||||
/* log I/O is always issued ASYNC */
|
||||
ASSERT(XFS_BUF_ISASYNC(bp));
|
||||
xlog_state_done_syncing(iclog, aborted);
|
||||
if (!(XFS_BUF_ISASYNC(bp))) {
|
||||
/*
|
||||
* Corresponding psema() will be done in bwrite(). If we don't
|
||||
* vsema() here, panic.
|
||||
*/
|
||||
XFS_BUF_V_IODONESEMA(bp);
|
||||
}
|
||||
/*
|
||||
* do not reference the buffer (bp) here as we could race
|
||||
* with it being freed after writing the unmount record to the
|
||||
* log.
|
||||
*/
|
||||
|
||||
} /* xlog_iodone */
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user