diff options
| author | Eric Sandeen <[email protected]> | 2016-11-26 14:24:51 -0500 |
|---|---|---|
| committer | Theodore Ts'o <[email protected]> | 2016-11-26 14:24:51 -0500 |
| commit | 9060dd2c5036b12132f9b97e3486ca6422d5bdfc (patch) | |
| tree | d37b9d76081781a38165e9d31d55726db76bfbd3 /net/lapb | |
| parent | 4f5a763c9a0d4b179064d51dddde8421fdbb76c7 (diff) | |
ext4: fix mmp use after free during unmount
In ext4_put_super, we call brelse on the buffer head containing
the ext4 superblock, but then try to use it when we stop the
mmp thread, because when the thread shuts down it does:
write_mmp_block
ext4_mmp_csum_set
ext4_has_metadata_csum
WARN_ON_ONCE(ext4_has_feature_metadata_csum(sb)...)
which reaches into sb->s_fs_info->s_es->s_feature_ro_compat,
which lives in the superblock buffer s_sbh which we just released.
Fix this by moving the brelse down to a point where we are no
longer using it.
Reported-by: Wang Shu <[email protected]>
Signed-off-by: Eric Sandeen <[email protected]>
Signed-off-by: Theodore Ts'o <[email protected]>
Reviewed-by: Andreas Dilger <[email protected]>
Diffstat (limited to 'net/lapb')
0 files changed, 0 insertions, 0 deletions