]> git.baikalelectronics.ru Git - kernel.git/commit
gfs2: Fix use-after-free in gfs2_logd after withdraw
authorBob Peterson <rpeterso@redhat.com>
Fri, 24 Apr 2020 17:17:33 +0000 (12:17 -0500)
committerAndreas Gruenbacher <agruenba@redhat.com>
Fri, 8 May 2020 13:15:12 +0000 (15:15 +0200)
commit54ce365a8cdbb130e263c1313fd55fbf2a7c35c8
tree33275d568ea935b355f4c7c59ad4bf1c7a9887f6
parentcaeda91f3141e7860fada559253fcd329da587bc
gfs2: Fix use-after-free in gfs2_logd after withdraw

When the gfs2_logd daemon withdrew, the withdraw sequence called
into make_fs_ro() to make the file system read-only. That caused the
journal descriptors to be freed. However, those journal descriptors
were used by gfs2_logd's call to gfs2_ail_flush_reqd(). This caused
a use-after free and NULL pointer dereference.

This patch changes function gfs2_logd() so that it stops all logd
work until the thread is told to stop. Once a withdraw is done,
it only does an interruptible sleep.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
fs/gfs2/log.c