On Mon, Feb 24, 2020 at 04:11:20PM -0800, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > > Since libxfs doesn't allocate the struct xfs_mount *, we can't just free > it during unmount. Zero its contents to prevent any use-after-free. > > Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> > --- Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx> > libxfs/init.c | 1 + > 1 file changed, 1 insertion(+) > > > diff --git a/libxfs/init.c b/libxfs/init.c > index d4804ead..197690df 100644 > --- a/libxfs/init.c > +++ b/libxfs/init.c > @@ -904,6 +904,7 @@ libxfs_umount( > if (mp->m_logdev_targp != mp->m_ddev_targp) > kmem_free(mp->m_logdev_targp); > kmem_free(mp->m_ddev_targp); > + memset(mp, 0, sizeof(struct xfs_mount)); > > return error; > } >
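Review bot: The added memset() just before `return error;` in libxfs_umount() has no comment, so the reasoning from the commit message (libxfs does not allocate the struct xfs_mount, so it cannot free it and zeroes it instead) is not visible in the code; a one-line comment above the call would keep a later cleanup from dropping it as a redundant store. Writing it as `memset(mp, 0, sizeof(*mp));` would also keep the size tied to the pointer's type. Zeroing replaces the just-freed m_logdev_targp and m_ddev_targp pointers with NULL, so a caller that keeps using mp after unmount dereferences NULL instead of freed memory, but the caller still holds mp itself and the function gives it no signal that the structure is no longer a valid mount.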