Commit 4dd57608 authored by Bob Peterson's avatar Bob Peterson Committed by Zheng Zengkai
Browse files

gfs2: fix use-after-free in trans_drain 



stable inclusion
from stable-5.10.27
commit 6d7dce3bdfc4d38d64212f458c6778dcd2bead00
bugzilla: 51493

--------------------------------

[ Upstream commit 1a5a2cfd ]

This patch adds code to function trans_drain to remove drained
bd elements from the ail lists, if queued, before freeing the bd.
If we don't remove the bd from the ail, function ail_drain will
try to reference the bd after it has been freed by trans_drain.

Thanks to Andy Price for his analysis of the problem.

Reported-by: default avatarAndy Price <anprice@redhat.com>
Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Acked-by: default avatar  Weilong Chen <chenweilong@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 9dc3c083
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment