aha/fs/xfs
Lachlan McIlroy e1f5dbd707 [XFS] Fix use-after-free with buffers
We have a use-after-free issue where log completions access buffers via
the buffer log item and the buffer has already been freed. Fix this by
taking a reference on the buffer when attaching the buffer log item and
release the hold when the buffer log item is detached and we no longer
need the buffer. Also create a new function xfs_buf_item_free() to combine
some common code.

SGI-PV: 985757

SGI-Modid: xfs-linux-melb:xfs-kern:32025a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
2008-09-17 16:52:13 +10:00
..
linux-2.6 [XFS] Prevent direct I/O from mapping extents beyond eof 2008-09-17 16:50:14 +10:00
quota [XFS] Use KM_NOFS for debug trace buffers 2008-08-13 16:51:57 +10:00
support [XFS] streamline init/exit path 2008-07-28 16:59:25 +10:00
Kconfig [XFS] allow enabling CONFIG_XFS_DEBUG 2008-04-29 16:07:48 +10:00
Makefile [XFS] Use the generic xattr methods. 2008-07-28 16:58:49 +10:00
xfs.h [XFS] Fix broken HAVE_SPLICE removal commit. 2008-04-29 15:57:49 +10:00
xfs_acl.c [XFS] kill bhv_vnode_t 2008-08-13 16:22:40 +10:00
xfs_acl.h [XFS] kill bhv_vnode_t 2008-08-13 16:22:40 +10:00
xfs_ag.h
xfs_alloc.c
xfs_alloc.h
xfs_alloc_btree.c
xfs_alloc_btree.h
xfs_arch.h [XFS] remove INT_GET and friends 2008-08-13 16:07:53 +10:00
xfs_attr.c [XFS] Move xfs_attr_rolltrans to xfs_trans_roll 2008-08-13 16:05:49 +10:00
xfs_attr.h [XFS] Move attr log alloc size calculator to another function. 2008-08-13 16:03:35 +10:00
xfs_attr_leaf.c [XFS] Move xfs_attr_rolltrans to xfs_trans_roll 2008-08-13 16:05:49 +10:00
xfs_attr_leaf.h [XFS] Move xfs_attr_rolltrans to xfs_trans_roll 2008-08-13 16:05:49 +10:00
xfs_attr_sf.h [XFS] 2008-07-28 16:58:35 +10:00
xfs_bit.c [XFS] Use the generic bitops rather than implementing them ourselves. 2008-08-13 15:41:12 +10:00
xfs_bit.h [XFS] Use the generic bitops rather than implementing them ourselves. 2008-08-13 15:41:12 +10:00
xfs_bmap.c [XFS] Make xfs_bmap_*_count_leaves void. 2008-08-13 16:52:25 +10:00
xfs_bmap.h [XFS] Restore the lowspace extent allocator algorithm 2008-07-28 16:59:11 +10:00
xfs_bmap_btree.c [XFS] Allow xfs_bmbt_split() to fallback to the lowspace allocator 2008-07-28 16:59:13 +10:00
xfs_bmap_btree.h
xfs_btree.c [XFS] Use the same btree_cur union member for alloc and inobt trees. 2008-08-13 16:25:27 +10:00
xfs_btree.h [XFS] Use the same btree_cur union member for alloc and inobt trees. 2008-08-13 16:25:27 +10:00
xfs_buf_item.c [XFS] Fix use-after-free with buffers 2008-09-17 16:52:13 +10:00
xfs_buf_item.h
xfs_clnt.h [XFS] Fix up noattr2 so that it will properly update the versionnum and 2008-07-28 16:58:05 +10:00
xfs_da_btree.c [XFS] streamline init/exit path 2008-07-28 16:59:25 +10:00
xfs_da_btree.h [XFS] Return case-insensitive match for dentry cache 2008-07-28 16:58:40 +10:00
xfs_dfrag.c [XFS] Prevent lockdep false positives when locking two inodes. 2008-09-17 16:51:21 +10:00
xfs_dfrag.h
xfs_dinode.h
xfs_dir2.c [XFS] Zero uninitialised xfs_da_args structure in xfs_dir2.c 2008-07-28 16:58:46 +10:00
xfs_dir2.h [XFS] Return case-insensitive match for dentry cache 2008-07-28 16:58:40 +10:00
xfs_dir2_block.c [XFS] Return case-insensitive match for dentry cache 2008-07-28 16:58:40 +10:00
xfs_dir2_block.h
xfs_dir2_data.c [XFS] Name operation vector for hash and compare 2008-07-28 16:58:36 +10:00
xfs_dir2_data.h
xfs_dir2_leaf.c [XFS] Fix CI lookup in leaf-form directories 2008-07-28 16:59:06 +10:00
xfs_dir2_leaf.h
xfs_dir2_node.c [XFS] Fix returning case-preserved name with CI node form directories 2008-07-28 16:59:01 +10:00
xfs_dir2_node.h
xfs_dir2_sf.c [XFS] Return case-insensitive match for dentry cache 2008-07-28 16:58:40 +10:00
xfs_dir2_sf.h [XFS] Pack some shortform dir2 structures for the ARM old ABI 2008-07-28 16:58:50 +10:00
xfs_dir2_trace.c [XFS] Add op_flags field and helpers to xfs_da_args 2008-07-28 16:58:37 +10:00
xfs_dir2_trace.h
xfs_dmapi.h removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
xfs_dmops.c
xfs_error.c [XFS] kill INDUCE_IO_ERROR 2008-08-13 16:17:37 +10:00
xfs_error.h [XFS] kill INDUCE_IO_ERROR 2008-08-13 16:17:37 +10:00
xfs_extfree_item.c [XFS] Remove unused arg from kmem_free() 2008-07-28 16:58:07 +10:00
xfs_extfree_item.h
xfs_filestream.c [XFS] Use KM_NOFS for debug trace buffers 2008-08-13 16:51:57 +10:00
xfs_filestream.h
xfs_fs.h [XFS] attrmulti cleanup 2008-07-28 16:59:09 +10:00
xfs_fsops.c [XFS] XFS: ASCII case-insensitive support 2008-07-28 16:58:42 +10:00
xfs_fsops.h
xfs_ialloc.c [XFS] Don't initialise new inode generation numbers to zero 2008-04-29 15:58:56 +10:00
xfs_ialloc.h
xfs_ialloc_btree.c [XFS] Use the same btree_cur union member for alloc and inobt trees. 2008-08-13 16:25:27 +10:00
xfs_ialloc_btree.h
xfs_iget.c [XFS] replace inode flush semaphore with a completion 2008-08-13 16:41:16 +10:00
xfs_imap.h
xfs_inode.c CRED: Introduce credential access wrappers 2008-08-14 09:35:23 +10:00
xfs_inode.h [XFS] update timestamp in xfs_ialloc manually 2008-08-13 16:44:15 +10:00
xfs_inode_item.c [XFS] replace inode flush semaphore with a completion 2008-08-13 16:41:16 +10:00
xfs_inode_item.h
xfs_inum.h
xfs_iomap.c [XFS] use minleft when allocating in xfs_bmbt_split() 2008-07-28 16:59:10 +10:00
xfs_iomap.h
xfs_itable.c [XFS] remove some easy bhv_vnode_t instances 2008-08-13 16:22:09 +10:00
xfs_itable.h
xfs_log.c [XFS] Fix barrier status change detection. 2008-09-17 16:50:50 +10:00
xfs_log.h [XFS] cleanup xfs_mountfs 2008-08-13 16:49:32 +10:00
xfs_log_priv.h [XFS] Move memory allocations for log tracing out of the critical path 2008-09-17 16:45:37 +10:00
xfs_log_recover.c [XFS] cleanup xfs_mountfs 2008-08-13 16:49:32 +10:00
xfs_log_recover.h
xfs_mount.c [XFS] use KM_MAYFAIL in xfs_mountfs 2008-08-13 16:51:29 +10:00
xfs_mount.h [XFS] xfs_unmountfs should return void 2008-08-13 16:49:57 +10:00
xfs_mru_cache.c [XFS] streamline init/exit path 2008-07-28 16:59:25 +10:00
xfs_mru_cache.h
xfs_qmops.c
xfs_quota.h
xfs_refcache.h
xfs_rename.c [XFS] Don't update mtime on rename source 2008-07-28 16:59:14 +10:00
xfs_rtalloc.c [XFS] Use the generic bitops rather than implementing them ourselves. 2008-08-13 15:41:12 +10:00
xfs_rtalloc.h
xfs_rw.c [XFS] replace the XFS buf iodone semaphore with a completion 2008-08-13 16:36:11 +10:00
xfs_rw.h
xfs_sb.h [XFS] XFS: ASCII case-insensitive support 2008-07-28 16:58:42 +10:00
xfs_trans.c [XFS] remove shouting-indirection macros from xfs_trans.h 2008-08-13 16:10:52 +10:00
xfs_trans.h [XFS] remove shouting-indirection macros from xfs_trans.h 2008-08-13 16:10:52 +10:00
xfs_trans_ail.c
xfs_trans_buf.c [XFS] remove shouting-indirection macros from xfs_trans.h 2008-08-13 16:10:52 +10:00
xfs_trans_extfree.c
xfs_trans_inode.c [XFS] Remove unused arg from kmem_free() 2008-07-28 16:58:07 +10:00
xfs_trans_item.c [XFS] remove shouting-indirection macros from xfs_trans.h 2008-08-13 16:10:52 +10:00
xfs_trans_priv.h
xfs_trans_space.h
xfs_types.h
xfs_utils.c [XFS] Avoid directly referencing the VFS inode. 2008-08-13 15:45:15 +10:00
xfs_utils.h [XFS] implement IHOLD/IRELE directly 2008-08-13 16:13:45 +10:00
xfs_vfsops.c [XFS] kill bhv_vnode_t 2008-08-13 16:22:40 +10:00
xfs_vfsops.h [XFS] merge xfs_mount into xfs_fs_fill_super 2008-07-28 16:58:21 +10:00
xfs_vnodeops.c [XFS] Prevent lockdep false positives when locking two inodes. 2008-09-17 16:51:21 +10:00
xfs_vnodeops.h [XFS] Now that xfs_setattr is only used for attributes set from ->setattr 2008-07-28 16:59:37 +10:00