GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-03 21:01:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing

Browse source 
free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev,
can be processed before btrfs_scratch_superblock is called, which would
result in a use-after-free on btrfs_device contents.  Fix this by
zeroing the superblock before the rcu callback is registered.

Cc: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
This commit is contained in:
Ilya Dryomov 2013-10-02 20:41:01 +03:00 committed by Josef Bacik
parent 964fb15acf
commit 1357272fc7
2 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
fs/btrfs/dev-replace.c
View file

@ -535,10 +535,7 @@ static int btrfs_dev_replace_finishing(struct btrfs_fs_info *fs_info,
list_add(&tgt_device->dev_alloc_list, &fs_info->fs_devices->alloc_list);
btrfs_rm_dev_replace_srcdev(fs_info, src_device);
if (src_device->bdev) {
/* zero out the old super */
btrfs_scratch_superblock(src_device);
}
/*
* this is again a consistent state where no dev_replace procedure
* is running, the target device is part of the filesystem, the