From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>

Since libxfs doesn't allocate the struct xfs_mount *, we can't just free it during unmount. Zero its contents to prevent any use-after-free.

Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
---
 libxfs/init.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libxfs/init.c b/libxfs/init.c
index d4804ead..197690df 100644
--- a/libxfs/init.c
+++ b/libxfs/init.c
@@ -904,6 +904,7 @@ libxfs_umount(
 if (mp->m_logdev_targp != mp->m_ddev_targp)
 kmem_free(mp->m_logdev_targp);
 kmem_free(mp->m_ddev_targp);
+ memset(mp, 0, sizeof(struct xfs_mount));
 return error;
 }
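Review bot: The memset added before `return error;` carries no comment saying why the mount is zeroed rather than freed, and it spells the size as a type name; I would put `/* mp is owned by the caller, so clear it: stale pointer use becomes a NULL dereference */` above it and write `memset(mp, 0, sizeof(*mp));` so the size follows the pointer's type. Zeroing only clears the pointers stored in this struct, so any copy of `m_ddev_targp` or `m_logdev_targp` held elsewhere would still refer to freed memory; whether such copies exist cannot be seen from this hunk. Callers that read fields of `mp` after libxfs_umount() returns will now see zeroes, which is worth confirming against the call sites. The body of libxfs_umount starts outside the hunk.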