git.karo-electronics.de Git - linux-beck.git/commit

author	Eric Sandeen <sandeen@redhat.com>
	Sat, 26 Nov 2016 19:24:51 +0000 (14:24 -0500)
committer	Theodore Ts'o <tytso@mit.edu>
	Sat, 26 Nov 2016 19:24:51 +0000 (14:24 -0500)
commit	9060dd2c5036b12132f9b97e3486ca6422d5bdfc
tree	d37b9d76081781a38165e9d31d55726db76bfbd3	tree \| snapshot
parent	4f5a763c9a0d4b179064d51dddde8421fdbb76c7	commit \| diff

ext4: fix mmp use after free during unmount

In ext4_put_super, we call brelse on the buffer head containing
the ext4 superblock, but then try to use it when we stop the
mmp thread, because when the thread shuts down it does:

write_mmp_block
  ext4_mmp_csum_set
    ext4_has_metadata_csum
      WARN_ON_ONCE(ext4_has_feature_metadata_csum(sb)...)

which reaches into sb->s_fs_info->s_es->s_feature_ro_compat,
which lives in the superblock buffer s_sbh which we just released.

Fix this by moving the brelse down to a point where we are no
longer using it.

Reported-by: Wang Shu <shuwang@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>