diff options
author | Raghavendra G <rgowdapp@redhat.com> | 2019-03-21 16:37:30 +0530 |
---|---|---|
committer | Raghavendra G <rgowdapp@redhat.com> | 2019-03-27 10:48:12 +0530 |
commit | 0d8668cb44550163eb8d4111006a105a6826bdbb (patch) | |
tree | 6b60f80af63e5795a872f6e5c8c6a033f738153f /xlators | |
parent | 7cbf23bbc61879e7af70bbb2b42951a73966f3c6 (diff) |
performance/write-behind: fix use after free in readdirp_cbk
wb_inode->lock is accessed after inode_unref (inode), which is a
use-after-free as the inode_unref can potentially free up the inode
and hence the inode-ctx (wb_inode). Instead inode_unref has to happen
after the last access of wb_inode.
Change-Id: Ie1a8bb5e44a668578e7d6bcedc77df52618a36e2
Signed-off-by: Raghavendra G <rgowdapp@redhat.com>
Fixes: bz#1691292
Diffstat (limited to 'xlators')
-rw-r--r-- | xlators/performance/write-behind/src/write-behind.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/xlators/performance/write-behind/src/write-behind.c b/xlators/performance/write-behind/src/write-behind.c index c80f0e7e271..6093ec2d7a1 100644 --- a/xlators/performance/write-behind/src/write-behind.c +++ b/xlators/performance/write-behind/src/write-behind.c @@ -2494,11 +2494,14 @@ wb_readdirp_cbk (call_frame_t *frame, void *cookie, xlator_t *this, entry->inode = NULL; memset (&entry->d_stat, 0, sizeof (entry->d_stat)); - - inode_unref (inode); } } UNLOCK (&wb_inode->lock); + + if (inode) { + inode_unref (inode); + inode = NULL; + } } unwind: |