cifs: Possible slab memory corruption while updating extended stats (repost)
Updating extended statistics here can cause slab memory corruption if a callback function frees slab memory (mid_entry). Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
76429c148b
commit
64474bdd07
fs/cifs
|
@ -633,11 +633,11 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
|
|||
mid_entry->largeBuf = isLargeBuf;
|
||||
multi_t2_fnd:
|
||||
mid_entry->midState = MID_RESPONSE_RECEIVED;
|
||||
list_del_init(&mid_entry->qhead);
|
||||
mid_entry->callback(mid_entry);
|
||||
#ifdef CONFIG_CIFS_STATS2
|
||||
mid_entry->when_received = jiffies;
|
||||
#endif
|
||||
list_del_init(&mid_entry->qhead);
|
||||
mid_entry->callback(mid_entry);
|
||||
break;
|
||||
}
|
||||
mid_entry = NULL;
|
||||
|
|
Loading…
Reference in New Issue