19709adfd7
[ Upstream commit 2c47c1be51fbded1f7baa2ceaed90f97932f79be ] Before this patch, gfs2_create_inode had a use-after-free for the iopen glock in some error paths because it did this: gfs2_glock_put(io_gl); fail_gunlock2: if (io_gl) clear_bit(GLF_INODE_CREATING, &io_gl->gl_flags); In some cases, the io_gl was used for create and only had one reference, so the glock might be freed before the clear_bit(). This patch tries to straighten it out by only jumping to the error paths where iopen is properly set, and moving the gfs2_glock_put after the clear_bit. Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|---|---|---|
| .. | ||
| acl.c | ||
| acl.h | ||
| aops.c | ||
| aops.h | ||
| bmap.c | ||
| bmap.h | ||
| dentry.c | ||
| dir.c | ||
| dir.h | ||
| export.c | ||
| file.c | ||
| gfs2.h | ||
| glock.c | ||
| glock.h | ||
| glops.c | ||
| glops.h | ||
| incore.h | ||
| inode.c | ||
| inode.h | ||
| Kconfig | ||
| lock_dlm.c | ||
| log.c | ||
| log.h | ||
| lops.c | ||
| lops.h | ||
| main.c | ||
| Makefile | ||
| meta_io.c | ||
| meta_io.h | ||
| ops_fstype.c | ||
| quota.c | ||
| quota.h | ||
| recovery.c | ||
| recovery.h | ||
| rgrp.c | ||
| rgrp.h | ||
| super.c | ||
| super.h | ||
| sys.c | ||
| sys.h | ||
| trace_gfs2.h | ||
| trans.c | ||
| trans.h | ||
| util.c | ||
| util.h | ||
| xattr.c | ||
| xattr.h | ||