aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLachlan McIlroy <lachlan@sgi.com>2008-08-13 02:52:50 -0400
committerLachlan McIlroy <lachlan@redback.melbourne.sgi.com>2008-08-13 02:52:50 -0400
commitc6a7b0f8a49aa71792dd108efc535435f462bf79 (patch)
tree45ffdd756cf4e024a1ab6742b2dfa4ed962ea741 /fs
parentc94312de223644e2f18e7064ae8cafa14e5c6ef6 (diff)
[XFS] Fix use after free in xfs_log_done().
The ticket allocation code got reworked in 2.6.26 and we now free tickets whereas before we used to cache them so the use-after-free went undetected. SGI-PV: 985525 SGI-Modid: xfs-linux-melb:xfs-kern:31877a Signed-off-by: Lachlan McIlroy <lachlan@sgi.com> Signed-off-by: David Chinner <david@fromorbit.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/xfs/xfs_log.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c
index 1f6f780dbd39..ccba14eb9dbe 100644
--- a/fs/xfs/xfs_log.c
+++ b/fs/xfs/xfs_log.c
@@ -336,15 +336,12 @@ xfs_log_done(xfs_mount_t *mp,
336 } else { 336 } else {
337 xlog_trace_loggrant(log, ticket, "xfs_log_done: (permanent)"); 337 xlog_trace_loggrant(log, ticket, "xfs_log_done: (permanent)");
338 xlog_regrant_reserve_log_space(log, ticket); 338 xlog_regrant_reserve_log_space(log, ticket);
339 } 339 /* If this ticket was a permanent reservation and we aren't
340 340 * trying to release it, reset the inited flags; so next time
341 /* If this ticket was a permanent reservation and we aren't 341 * we write, a start record will be written out.
342 * trying to release it, reset the inited flags; so next time 342 */
343 * we write, a start record will be written out.
344 */
345 if ((ticket->t_flags & XLOG_TIC_PERM_RESERV) &&
346 (flags & XFS_LOG_REL_PERM_RESERV) == 0)
347 ticket->t_flags |= XLOG_TIC_INITED; 343 ticket->t_flags |= XLOG_TIC_INITED;
344 }
348 345
349 return lsn; 346 return lsn;
350} /* xfs_log_done */ 347} /* xfs_log_done */