diff options
| author | Jeff Layton <jlayton@redhat.com> | 2010-11-10 10:19:10 -0500 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2010-11-10 10:37:17 -0500 |
| commit | ebe2e91e000c59aed0300d81815f451c85e0bda6 (patch) | |
| tree | fc3f70522b873aba4cae89c963386a890d24fa5c | |
| parent | f6614b7bb405a9b35dd28baea989a749492c46b2 (diff) | |
cifs: fix potential use-after-free in cifs_oplock_break_put
cfile may very well be freed after the cifsFileInfo_put. Make sure we
have a valid pointer to the superblock for cifs_sb_deactive.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
| -rw-r--r-- | fs/cifs/file.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 06c3e83fa387..b857ce5db775 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c | |||
| @@ -2271,8 +2271,10 @@ void cifs_oplock_break_get(struct cifsFileInfo *cfile) | |||
| 2271 | 2271 | ||
| 2272 | void cifs_oplock_break_put(struct cifsFileInfo *cfile) | 2272 | void cifs_oplock_break_put(struct cifsFileInfo *cfile) |
| 2273 | { | 2273 | { |
| 2274 | struct super_block *sb = cfile->dentry->d_sb; | ||
| 2275 | |||
| 2274 | cifsFileInfo_put(cfile); | 2276 | cifsFileInfo_put(cfile); |
| 2275 | cifs_sb_deactive(cfile->dentry->d_sb); | 2277 | cifs_sb_deactive(sb); |
| 2276 | } | 2278 | } |
| 2277 | 2279 | ||
| 2278 | const struct address_space_operations cifs_addr_ops = { | 2280 | const struct address_space_operations cifs_addr_ops = { |