Commit ebe2e91e authored Nov 10, 2010 by Jeff Layton Committed by Steve French Nov 10, 2010

cifs: fix potential use-after-free in cifs_oplock_break_put



cfile may very well be freed after the cifsFileInfo_put. Make sure we
have a valid pointer to the superblock for cifs_sb_deactive.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

parent f6614b7b

fs/cifs/file.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -2271,8 +2271,10 @@ void cifs_oplock_break_get(struct cifsFileInfo *cfile)

		void cifs_oplock_break_put(struct cifsFileInfo *cfile)
		{
		struct super_block *sb = cfile->dentry->d_sb;

		cifsFileInfo_put(cfile);
		cifs_sb_deactive(cfile->dentry->d_sb);
		cifs_sb_deactive(sb);
		}

		const struct address_space_operations cifs_addr_ops = {