diff options
| author | Linus Torvalds <[email protected]> | 2011-02-11 15:53:38 -0800 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2011-02-11 15:53:38 -0800 |
| commit | 2dab597441667d6c04451a7dcf215241ad4c74f6 (patch) | |
| tree | f56a6f7fcabf3a9b82a5e77ef9c96268224efbd1 /drivers/scsi/mpt2sas/mpi/mpi2_raid.h | |
| parent | d2478521afc20227658a10a8c5c2bf1a2aa615b3 (diff) | |
Fix possible filp_cachep memory corruption
In commit 31e6b01f4183 ("fs: rcu-walk for path lookup") we started doing
path lookup using RCU, which then falls back to a careful non-RCU lookup
in case of problems (LOOKUP_REVAL). So do_filp_open() has this "re-do
the lookup carefully" looping case.
However, that means that we must not release the open-intent file data
if we are going to loop around and use it once more!
Fix this by moving the release of the open-intent data to the function
that allocates it (do_filp_open() itself) rather than the helper
functions that can get called multiple times (finish_open() and
do_last()). This makes the logic for the lifetime of that field much
more obvious, and avoids the possible double free.
Reported-by: J. R. Okajima <[email protected]>
Acked-by: Al Viro <[email protected]>
Cc: Nick Piggin <[email protected]>
Cc: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'drivers/scsi/mpt2sas/mpi/mpi2_raid.h')
0 files changed, 0 insertions, 0 deletions