diff options
| author | Wentao Liang <vulab@iscas.ac.cn> | 2026-05-18 16:10:36 +0300 |
|---|---|---|
| committer | Anna Schumaker <anna.schumaker@hammerspace.com> | 2026-06-08 17:21:55 +0300 |
| commit | 13e198a90ca4050f4bee8a3f23680389a6563ccc (patch) | |
| tree | 4e5c87fc830678bf352d7bb89e08aa68f5c0d84a /scripts | |
| parent | 35168eb947f230aaa35fd8416a30563ef89f5421 (diff) | |
| download | linux-13e198a90ca4050f4bee8a3f23680389a6563ccc.tar.xz | |
pNFS: Fix use-after-free in pnfs_update_layout()
When hitting the NFS_LAYOUT_RETURN branch in pnfs_update_layout(),
the code calls pnfs_prepare_to_retry_layoutget(lo). If it succeeds,
pnfs_put_layout_hdr(lo) is called before trace_pnfs_update_layout(),
which still references 'lo'. This results in a use-after-free when the
tracepoint accesses lo's fields.
Fix this by moving the tracepoint call before pnfs_put_layout_hdr(lo).
Fixes: 2c8d5fc37fe2 ("pNFS: Stricter ordering of layoutget and layoutreturn")
Cc: stable@vger.kernel.org
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Signed-off-by: Anna Schumaker <anna.schumaker@hammerspace.com>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
