android_kernel_xiaomi_sm8350/fs/xfs
David Chinner 99fa8cb3c5 [XFS] Prevent use-after-free caused by synchronous inode reclaim
With the combined linux and XFS inode, we need to ensure that the combined
structure is not freed before the generic code is finished with the inode.
As it turns out, there is a case where the XFS inode is freed before the
linux inode - when xfs_reclaim() is called from ->clear_inode() on a clean
inode, the xfs inode is freed during that call. The generic code
references the inode after the ->clear_inode() call, so this is a use
after free situation.

Fix the problem by moving the xfs_reclaim() call to ->destroy_inode()
instead of in ->clear_inode(). This ensures the combined inode structure
is not freed until after the generic code has finished with it.

SGI-PV: 988141

SGI-Modid: xfs-linux-melb:xfs-kern:32324a

Signed-off-by: David Chinner <david@fromorbit.com>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
2008-10-30 17:36:40 +11:00
linux-2.6 [XFS] Prevent use-after-free caused by synchronous inode reclaim 2008-10-30 17:36:40 +11:00
quota [XFS] Kill xfs_sync() 2008-10-30 17:16:11 +11:00
support [XFS] Show buffer address with debug hexdump on corruption 2008-10-30 17:05:58 +11:00
Kconfig
Makefile [XFS] move sync code to its own file 2008-10-30 17:06:08 +11:00
xfs_acl.c
xfs_acl.h
xfs_ag.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_alloc_btree.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_alloc_btree.h [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_alloc.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_alloc.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_arch.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_attr_leaf.c
xfs_attr_leaf.h
xfs_attr_sf.h
xfs_attr.c
xfs_attr.h
xfs_bit.c
xfs_bit.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_bmap_btree.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_bmap_btree.h [XFS] Move XFS_BMAP_SANITY_CHECK out of line. 2008-10-30 17:14:43 +11:00
xfs_bmap.c [XFS] Move XFS_BMAP_SANITY_CHECK out of line. 2008-10-30 17:14:43 +11:00
xfs_bmap.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_btree_trace.c
xfs_btree_trace.h
xfs_btree.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_btree.h [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_buf_item.c
xfs_buf_item.h
xfs_clnt.h
xfs_da_btree.c
xfs_da_btree.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_dfrag.c
xfs_dfrag.h
xfs_dinode.h [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_dir2_block.c
xfs_dir2_block.h
xfs_dir2_data.c
xfs_dir2_data.h
xfs_dir2_leaf.c
xfs_dir2_leaf.h
xfs_dir2_node.c
xfs_dir2_node.h
xfs_dir2_sf.c
xfs_dir2_sf.h
xfs_dir2_trace.c
xfs_dir2_trace.h
xfs_dir2.c
xfs_dir2.h
xfs_dmapi.h
xfs_dmops.c
xfs_error.c
xfs_error.h
xfs_extfree_item.c
xfs_extfree_item.h
xfs_filestream.c
xfs_filestream.h
xfs_fs.h
xfs_fsops.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_fsops.h
xfs_ialloc_btree.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_ialloc_btree.h [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_ialloc.c
xfs_ialloc.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_iget.c [XFS] Combine the XFS and Linux inodes 2008-10-30 17:36:14 +11:00
xfs_imap.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_inode_item.c
xfs_inode_item.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_inode.c [XFS] Combine the XFS and Linux inodes 2008-10-30 17:36:14 +11:00
xfs_inode.h [XFS] Combine the XFS and Linux inodes 2008-10-30 17:36:14 +11:00
xfs_inum.h
xfs_iomap.c
xfs_iomap.h
xfs_itable.c
xfs_itable.h
xfs_log_priv.h
xfs_log_recover.c [XFS] Always use struct xfs_btree_block instead of short / longform 2008-10-30 17:14:34 +11:00
xfs_log_recover.h
xfs_log.c
xfs_log.h
xfs_mount.c [XFS] remove the mount inode list 2008-10-30 17:11:29 +11:00
xfs_mount.h [XFS] use xfs_sync_inodes rather than xfs_syncsub 2008-10-30 17:15:12 +11:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_qmops.c
xfs_quota.h
xfs_refcache.h
xfs_rename.c
xfs_rtalloc.c
xfs_rtalloc.h
xfs_rw.c
xfs_rw.h
xfs_sb.h
xfs_trans_ail.c
xfs_trans_buf.c
xfs_trans_extfree.c
xfs_trans_inode.c
xfs_trans_item.c
xfs_trans_priv.h
xfs_trans_space.h
xfs_trans.c
xfs_trans.h [XFS] Sync up kernel and user-space headers 2008-10-30 17:05:38 +11:00
xfs_types.h
xfs_utils.c
xfs_utils.h
xfs_vfsops.c [XFS] Move remaining quiesce code. 2008-10-30 17:16:21 +11:00
xfs_vfsops.h [XFS] Move remaining quiesce code. 2008-10-30 17:16:21 +11:00
xfs_vnodeops.c [XFS] Combine the XFS and Linux inodes 2008-10-30 17:36:14 +11:00
xfs_vnodeops.h
xfs.h