diff options
| author | Ritesh Harjani <[email protected]> | 2022-02-10 21:07:11 +0530 |
|---|---|---|
| committer | Theodore Ts'o <[email protected]> | 2022-02-25 21:28:10 -0500 |
| commit | cc16eecae687912238ee6efbff71ad31e2bc414e (patch) | |
| tree | d987da63f7476ca23d89f8dd9f4656d0a227e3d3 /net/lapb/lapb_out.c | |
| parent | e3952fcce1aad934f1322843b564ff86256444b2 (diff) | |
jbd2: fix use-after-free of transaction_t race
jbd2_journal_wait_updates() is called with j_state_lock held. But if
there is a commit in progress, then this transaction might get committed
and freed via jbd2_journal_commit_transaction() ->
jbd2_journal_free_transaction(), when we release j_state_lock.
So check for journal->j_running_transaction everytime we release and
acquire j_state_lock to avoid use-after-free issue.
Link: https://lore.kernel.org/r/948c2fed518ae739db6a8f7f83f1d58b504f87d0.1644497105.git.ritesh.list@gmail.com
Fixes: 4f98186848707f53 ("jbd2: refactor wait logic for transaction updates into a common function")
Cc: [email protected]
Reported-and-tested-by: [email protected]
Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Ritesh Harjani <[email protected]>
Signed-off-by: Theodore Ts'o <[email protected]>
Diffstat (limited to 'net/lapb/lapb_out.c')
0 files changed, 0 insertions, 0 deletions