[XFS] Fix use after free in xfs_log_done().
The ticket allocation code got reworked in 2.6.26 and we now free tickets whereas before we used to cache them so the use-after-free went undetected. SGI-PV: 985525 SGI-Modid: xfs-linux-melb:xfs-kern:31877a Signed-off-by: Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: David Chinner <david@fromorbit.com>
This commit is contained in:
parent
c94312de22
commit
c6a7b0f8a4
1 changed files with 5 additions and 8 deletions
|
@ -336,15 +336,12 @@ xfs_log_done(xfs_mount_t *mp,
|
|||
} else {
|
||||
xlog_trace_loggrant(log, ticket, "xfs_log_done: (permanent)");
|
||||
xlog_regrant_reserve_log_space(log, ticket);
|
||||
}
|
||||
|
||||
/* If this ticket was a permanent reservation and we aren't
|
||||
* trying to release it, reset the inited flags; so next time
|
||||
* we write, a start record will be written out.
|
||||
*/
|
||||
if ((ticket->t_flags & XLOG_TIC_PERM_RESERV) &&
|
||||
(flags & XFS_LOG_REL_PERM_RESERV) == 0)
|
||||
/* If this ticket was a permanent reservation and we aren't
|
||||
* trying to release it, reset the inited flags; so next time
|
||||
* we write, a start record will be written out.
|
||||
*/
|
||||
ticket->t_flags |= XLOG_TIC_INITED;
|
||||
}
|
||||
|
||||
return lsn;
|
||||
} /* xfs_log_done */
|
||||
|
|
Loading…
Reference in a new issue