GFS2: Fix use-after-free bug on umount

There was a use-after-free with the GFS2 super block during umount. This patch moves almost all of the umount code from ->put_super into ->kill_sb, the only bit that cannot be moved being the glock hash clearing which has to remain as ->put_super due to umount ordering requirements. As a result its now obvious that the kfree is the final operation, whereas before it was hidden in ->put_super. Also gfs2_jindex_free is then only referenced from a single file so thats moved and marked static too. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
author: Steven Whitehouse <swhiteho@redhat.com> 2008-11-27 03:27:28 -0500
committer: Steven Whitehouse <swhiteho@redhat.com> 2009-01-05 02:39:14 -0500
commit: 3af165ac4d099385b12e3e75a9ee3ffd02da33e0 (patch)
tree: b90552f6ac8db316c05d5f3246366cfa09cc7473 /fs/gfs2/super.c
parent: 2e204703a1161e9bae38ba0d3d0df04a679e6f4f (diff)
1 files changed, 0 insertions, 34 deletions
diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c
index 141b781f2fcc..f14658b20204 100644
--- a/fs/gfs2/super.c
+++ b/fs/gfs2/super.c
@@ -33,40 +33,6 @@
 #include "trans.h"
 #include "util.h"
-/**
- * gfs2_jindex_free - Clear all the journal index information
- * @sdp: The GFS2 superblock
- *
- */
-void gfs2_jindex_free(struct gfs2_sbd *sdp)
-{
-        struct list_head list, *head;
-        struct gfs2_jdesc *jd;
-        struct gfs2_journal_extent *jext;
-        spin_lock(&sdp->sd_jindex_spin);
-        list_add(&list, &sdp->sd_jindex_list);
-        list_del_init(&sdp->sd_jindex_list);
-        sdp->sd_journals = 0;
-        spin_unlock(&sdp->sd_jindex_spin);
-        while (!list_empty(&list)) {
-                jd = list_entry(list.next, struct gfs2_jdesc, jd_list);
-                head = &jd->extent_list;
-                while (!list_empty(head)) {
-                        jext = list_entry(head->next,
-                                          struct gfs2_journal_extent,
-                                          extent_list);
-                        list_del(&jext->extent_list);
-                        kfree(jext);
-                }
-                list_del(&jd->jd_list);
-                iput(jd->jd_inode);
-                kfree(jd);
-        }
-}
 static struct gfs2_jdesc *jdesc_find_i(struct list_head *head, unsigned int jid)
 {
        struct gfs2_jdesc *jd;
author	Steven Whitehouse <swhiteho@redhat.com>	2008-11-27 03:27:28 -0500
committer	Steven Whitehouse <swhiteho@redhat.com>	2009-01-05 02:39:14 -0500
commit	3af165ac4d099385b12e3e75a9ee3ffd02da33e0 (patch)
tree	b90552f6ac8db316c05d5f3246366cfa09cc7473 /fs/gfs2/super.c
parent	2e204703a1161e9bae38ba0d3d0df04a679e6f4f (diff)

diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c index 141b781f2fcc..f14658b20204 100644 --- a/fs/gfs2/super.c +++ b/fs/gfs2/super.c
@@ -33,40 +33,6 @@
33	#include "trans.h"	33	#include "trans.h"
34	#include "util.h"	34	#include "util.h"
35		35
36	/**
37	* gfs2_jindex_free - Clear all the journal index information
38	* @sdp: The GFS2 superblock
39	*
40	*/
41
42	void gfs2_jindex_free(struct gfs2_sbd *sdp)
43	{
44	struct list_head list, *head;
45	struct gfs2_jdesc *jd;
46	struct gfs2_journal_extent *jext;
47
48	spin_lock(&sdp->sd_jindex_spin);
49	list_add(&list, &sdp->sd_jindex_list);
50	list_del_init(&sdp->sd_jindex_list);
51	sdp->sd_journals = 0;
52	spin_unlock(&sdp->sd_jindex_spin);
53
54	while (!list_empty(&list)) {
55	jd = list_entry(list.next, struct gfs2_jdesc, jd_list);
56	head = &jd->extent_list;
57	while (!list_empty(head)) {
58	jext = list_entry(head->next,
59	struct gfs2_journal_extent,
60	extent_list);
61	list_del(&jext->extent_list);
62	kfree(jext);
63	}
64	list_del(&jd->jd_list);
65	iput(jd->jd_inode);
66	kfree(jd);
67	}
68	}
69
70	static struct gfs2_jdesc jdesc_find_i(struct list_head head, unsigned int jid)	36	static struct gfs2_jdesc jdesc_find_i(struct list_head head, unsigned int jid)
71	{	37	{
72	struct gfs2_jdesc *jd;	38	struct gfs2_jdesc *jd;