On 2/24/20 4:11 PM, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > Since libxfs doesn't allocate the struct xfs_mount *, we can't just free > it during unmount. Zero its contents to prevent any use-after-free. seems fine but makes me wonder what prompted it. Did we have a use after free? Reviewed-by: Eric Sandeen <sandeen@xxxxxxxxxx> > > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > --- > libxfs/init.c | 1 + > 1 file changed, 1 insertion(+) > > > diff --git a/libxfs/init.c b/libxfs/init.c > index d4804ead..197690df 100644 > --- a/libxfs/init.c > +++ b/libxfs/init.c > @@ -904,6 +904,7 @@ libxfs_umount( > if (mp->m_logdev_targp != mp->m_ddev_targp) > kmem_free(mp->m_logdev_targp); > kmem_free(mp->m_ddev_targp); > + memset(mp, 0, sizeof(struct xfs_mount)); > > return error; > } >
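Review bot: the added `memset(mp, 0, sizeof(struct xfs_mount));` just before `return error;` in libxfs_umount() carries no comment explaining why the mount is zeroed rather than freed, so the reason (libxfs does not allocate the struct xfs_mount, the caller does) exists only in the commit message. A one-line comment above the call would keep that with the code, and `sizeof(*mp)` would make the size follow the pointer's type if it ever changes. Note also that zeroing clears the just-freed m_logdev_targp and m_ddev_targp pointers, so a later stale access through mp sees NULL instead of freed memory; that makes such a bug fail visibly but does not stop the caller from touching mp after unmount. The commit message could state whether an actual use-after-free was observed, as the reply asks.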