From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sergei Antonov Subject: [PATCH] hfsplus: release bnode pages after use, not before Date: Sun, 7 Jun 2015 02:42:56 +0200 Message-ID: <1433637776-3559-1-git-send-email-saproj@gmail.com> Cc: Anton Altaparmakov , Al Viro , Christoph Hellwig , Andrew Morton , Vyacheslav Dubeyko , Hin-Tak Leung , Sougata Santra , Sergei Antonov To: linux-fsdevel@vger.kernel.org, Sasha Levin Return-path: Received: from mail-qc0-f196.google.com ([209.85.216.196]:32892 "EHLO mail-qc0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752160AbbFFWm0 (ORCPT ); Sat, 6 Jun 2015 18:42:26 -0400 Received: by qcrw7 with SMTP id w7so5171112qcr.0 for ; Sat, 06 Jun 2015 15:42:25 -0700 (PDT) Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Fix this bugreport by Sasha Levin: http://lkml.org/lkml/2015/2/20/85 ("use after free") Make sure mapped pages are available for the entire lifetime of hfs_bnode. Cc: Anton Altaparmakov Cc: Al Viro Cc: Christoph Hellwig Cc: Andrew Morton Cc: Vyacheslav Dubeyko Cc: Hin-Tak Leung Cc: Sougata Santra Reported-by: Sasha Levin Signed-off-by: Sergei Antonov --- fs/hfsplus/bnode.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/hfsplus/bnode.c b/fs/hfsplus/bnode.c index 759708f..5af50fb 100644 --- a/fs/hfsplus/bnode.c +++ b/fs/hfsplus/bnode.c @@ -454,7 +454,6 @@ static struct hfs_bnode *__hfs_bnode_create(struct hfs_btree *tree, u32 cnid) page_cache_release(page); goto fail; } - page_cache_release(page); node->page[i] = page; } @@ -566,13 +565,12 @@ node_error: void hfs_bnode_free(struct hfs_bnode *node) { -#if 0 int i; - for (i = 0; i < node->tree->pages_per_bnode; i++) + for (i = 0; i < node->tree->pages_per_bnode; i++) { if (node->page[i]) page_cache_release(node->page[i]); -#endif + } kfree(node); } -- 2.3.0