author: Alex Elder <elder@inktank.com> 2013-05-14 03:35:37 +0200
committer: Alex Elder <elder@inktank.com> 2013-05-17 19:50:10 +0200
commit: 3abef3b3585bbc67d56fdc9c67761a900fb4b69d
tree: d94c9555797c77e4c92f2fea22049a962af48de9 /fs
parent: rbd: don't destroy ceph_opts in rbd_add()
rbd: fix cleanup in rbd_add()

Bjorn Helgaas pointed out that a recent commit introduced a
use-after-free condition in an error path for rbd_add().
He correctly stated:

    I think b536f69a3a5 "rbd: set up devices only for mapped images"
    introduced a use-after-free error in rbd_add():
    ...
    If rbd_dev_device_setup() returns an error, we call
    rbd_dev_image_release(), which ultimately kfrees rbd_dev. Then we
    call rbd_dev_destroy(), which references fields in the already-freed
    rbd_dev struct before kfreeing it again.

The simple fix is to return the error code after the call to
rbd_dev_image_release().

Closer examination revealed that there's no need to clean up
rbd_opts in that function, so fix that too.

Update some other comments that have also become out of date.

Reported-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>

Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions
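
The error path the commit message describes, as an added example that is not code from the commit or from the kernel: a constructed C model in which "freeing" only flips a flag, so the stale access and the second free can be counted safely. All `model_*` and `add_*` names and the -12 error value are assumptions; the real functions are named only in comments.

```c
#include <stdio.h>

/* Constructed model: "free" only flips a flag, so the faulty path can be
 * counted safely. All names here are hypothetical, not kernel code. */
struct model_dev {
    int live;        /* 1 while the object is validly allocated */
    int frees;       /* number of times it was freed */
    int stale_reads; /* field accesses made after the free */
};

static void model_free(struct model_dev *d) { d->live = 0; d->frees++; }
static void model_touch(struct model_dev *d) { if (!d->live) d->stale_reads++; }

/* Stands in for rbd_dev_image_release(): ultimately frees the device. */
static void model_image_release(struct model_dev *d) { model_touch(d); model_free(d); }
/* Stands in for rbd_dev_destroy(): reads fields, then frees the device. */
static void model_destroy(struct model_dev *d) { model_touch(d); model_free(d); }
/* Stands in for rbd_dev_device_setup(); -12 is a constructed error value. */
static int model_device_setup(int fail) { return fail ? -12 : 0; }

/* Error path as described before the fix: release, then fall through. */
static int add_buggy(struct model_dev *d, int fail)
{
    int rc = model_device_setup(fail);
    if (!rc)
        return 0;
    model_image_release(d); /* frees d */
    model_destroy(d);       /* stale read, then a second free */
    return rc;
}

/* Fixed: return the error right after the release that frees d. */
static int add_fixed(struct model_dev *d, int fail)
{
    int rc = model_device_setup(fail);
    if (!rc)
        return 0;
    model_image_release(d);
    return rc;
}

int main(void)
{
    struct model_dev a = {1, 0, 0}, b = {1, 0, 0};
    add_buggy(&a, 1);
    add_fixed(&b, 1);
    printf("buggy: frees=%d stale_reads=%d\n", a.frees, a.stale_reads);
    printf("fixed: frees=%d stale_reads=%d\n", b.frees, b.stale_reads);
    return 0;
}
```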