Fix this bugreport by Sasha Levin: http://lkml.org/lkml/2015/2/20/85 ("use after free") Make sure mapped pages are available for the entire lifetime of hfs_bnode. Cc: Anton Altaparmakov <aia21@xxxxxxxxx> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Cc: Vyacheslav Dubeyko <slava@xxxxxxxxxxx> Cc: Hin-Tak Leung <htl10@xxxxxxxxxxxxxxxxxxxxx> Cc: Sougata Santra <sougata@xxxxxxxxxx> Reported-by: Sasha Levin <sasha.levin@xxxxxxxxxx> Signed-off-by: Sergei Antonov <saproj@xxxxxxxxx> --- fs/hfsplus/bnode.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/hfsplus/bnode.c b/fs/hfsplus/bnode.c index 759708f..5af50fb 100644 --- a/fs/hfsplus/bnode.c +++ b/fs/hfsplus/bnode.c @@ -454,7 +454,6 @@ static struct hfs_bnode *__hfs_bnode_create(struct hfs_btree *tree, u32 cnid) page_cache_release(page); goto fail; } - page_cache_release(page); node->page[i] = page; } @@ -566,13 +565,12 @@ node_error: void hfs_bnode_free(struct hfs_bnode *node) { -#if 0 int i; - for (i = 0; i < node->tree->pages_per_bnode; i++) + for (i = 0; i < node->tree->pages_per_bnode; i++) { if (node->page[i]) page_cache_release(node->page[i]); -#endif + } kfree(node); } -- 2.3.0 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
