* [PATCH] ocfs2: fix potential use after free
@ 2018-11-25 1:27 Pan Bian
0 siblings, 0 replies; only message in thread
From: Pan Bian @ 2018-11-25 1:27 UTC (permalink / raw)
To: Mark Fasheh, Joel Becker; +Cc: ocfs2-devel, linux-kernel, Tao Ma, Pan Bian
The function ocfs2_get_dentry calls iput(inode) to drop the reference
count of inode, and if the reference count hits 0, inode is freed.
However, in this function, it then reads inode->i_generation, which may
result in a use after free bug. This patch moves the put operation
later.
Fixes: 781f200cb7a("ocfs2: Remove masklog ML_EXPORT.")
Signed-off-by: Pan Bian <bianpan2016@163.com>
---
fs/ocfs2/export.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ocfs2/export.c b/fs/ocfs2/export.c
index 9f88188..4bf8d58 100644
--- a/fs/ocfs2/export.c
+++ b/fs/ocfs2/export.c
@@ -125,10 +125,10 @@ static struct dentry *ocfs2_get_dentry(struct super_block *sb,
check_gen:
if (handle->ih_generation != inode->i_generation) {
- iput(inode);
trace_ocfs2_get_dentry_generation((unsigned long long)blkno,
handle->ih_generation,
inode->i_generation);
+ iput(inode);
result = ERR_PTR(-ESTALE);
goto bail;
}
--
2.7.4
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2018-11-25 1:28 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-25 1:27 [PATCH] ocfs2: fix potential use after free Pan Bian
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.