linux/fs/gfs2
Bob Peterson 9290a9a7c0 GFS2: Fix use-after-free race when calling gfs2_remove_from_ail
Function gfs2_remove_from_ail drops the reference on the bh via
brelse. This patch fixes a race condition whereby bh is deferenced
after the brelse when setting bd->bd_blkno = bh->b_blocknr;
Under certain rare circumstances, bh might be gone or reused,
and bd->bd_blkno is set to whatever that memory happens to be,
which is often 0. Later, in gfs2_trans_add_unrevoke, that bd fails
the test "bd->bd_blkno >= blkno" which causes it to never be freed.
The end result is that the bd is never freed from the bufdata cache,
which results in this error:
slab error in kmem_cache_destroy(): cache `gfs2_bufdata': Can't free all objects

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2013-12-13 21:42:23 +00:00
..
acl.c gfs2: Use uid_eq and gid_eq where appropriate 2013-02-13 06:15:10 -08:00
acl.h fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
aops.c GFS2: Add allocation parameters structure 2013-10-02 11:13:25 +01:00
bmap.c GFS2: Add allocation parameters structure 2013-10-02 11:13:25 +01:00
bmap.h GFS2: New truncate sequence 2010-09-20 11:18:16 +01:00
dentry.c gfs2: use check_submounts_and_drop() 2013-09-05 16:23:51 -04:00
dir.c treewide: Add __GFP_NOWARN to k.alloc calls with v.alloc fallbacks 2013-08-20 13:06:40 +02:00
dir.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-nmw 2013-07-02 09:41:18 -07:00
export.c [readdir] constify ->actor 2013-06-29 12:57:05 +04:00
file.c GFS2: Add allocation parameters structure 2013-10-02 11:13:25 +01:00
gfs2.h
glock.c GFS2: fix potential NULL pointer dereference 2013-11-21 09:55:45 +00:00
glock.h GFS2: Use lockref for glocks 2013-10-15 15:18:08 +01:00
glops.c GFS2: Use lockref for glocks 2013-10-15 15:18:08 +01:00
glops.h GFS2: Fix AIL flush issue during fsync 2011-10-21 12:39:41 +01:00
incore.h GFS2: Use generic list_lru for quota 2013-11-04 11:17:49 +00:00
inode.c GFS2: Fix ref count bug relating to atomic_open 2013-11-21 18:47:57 +00:00
inode.h GFS2: Add atomic_open support 2013-06-14 11:17:15 +01:00
Kconfig Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
lock_dlm.c gfs2: endianness misannotations 2013-11-15 22:04:16 -05:00
log.c GFS2: Fix use-after-free race when calling gfs2_remove_from_ail 2013-12-13 21:42:23 +00:00
log.h GFS2: aggressively issue revokes in gfs2_log_flush 2013-06-19 09:41:59 +01:00
lops.c GFS2: Move gfs2_sync_meta to lops.c 2013-08-19 17:26:32 +01:00
lops.h GFS2: Eliminate gfs2_rg_lops 2013-06-05 09:50:40 +01:00
main.c GFS2: Use generic list_lru for quota 2013-11-04 11:17:49 +00:00
Makefile GFS2: Rename ops_inode.c to inode.c 2011-05-10 13:12:49 +01:00
meta_io.c GFS2: Move gfs2_sync_meta to lops.c 2013-08-19 17:26:32 +01:00
meta_io.h GFS2: Move gfs2_sync_meta to lops.c 2013-08-19 17:26:32 +01:00
ops_fstype.c GFS2: don't hold s_umount over blkdev_put 2013-12-13 21:42:03 +00:00
quota.c gfs2: endianness misannotations 2013-11-15 22:04:16 -05:00
quota.h GFS2: Use generic list_lru for quota 2013-11-04 11:17:49 +00:00
recovery.c GFS2: fail mount if journal recovery fails 2012-01-11 09:24:48 +00:00
recovery.h gfs2: use workqueue instead of slow-work 2010-07-23 13:14:25 +02:00
rgrp.c gfs2: endianness misannotations 2013-11-15 22:04:16 -05:00
rgrp.h GFS2: Add allocation parameters structure 2013-10-02 11:13:25 +01:00
super.c GFS2: Clean up reservation removal 2013-09-27 12:49:33 +01:00
super.h GFS2: Clean up freeze code 2013-01-29 10:29:05 +00:00
sys.c GFS2: Remove obsolete quota tunable 2013-10-04 09:49:29 +01:00
sys.h GFS2: dlm based recovery coordination 2012-01-11 09:23:05 +00:00
trace_gfs2.h GFS2: Add origin indicator to glock demote tracing 2013-04-10 10:32:05 +01:00
trans.c GFS2: fix warning message 2013-06-19 21:29:19 +01:00
trans.h GFS2: Split gfs2_trans_add_bh() into two 2013-01-29 10:28:04 +00:00
util.c GFS2: Move gfs2_icbit_munge into quota.c 2013-10-02 14:47:02 +01:00
util.h GFS2: Move gfs2_icbit_munge into quota.c 2013-10-02 14:47:02 +01:00
xattr.c GFS2: Add allocation parameters structure 2013-10-02 11:13:25 +01:00
xattr.h sanitize xattr handler prototypes 2009-12-16 12:16:49 -05:00