[XFS] Fix use-after-free during log unmount.

Don't reference the log buffer after running the callbacks as the callback
can trigger the log buffers to be freed during unmount.

SGI-PV: 964545
SGI-Modid: xfs-linux-melb:xfs-kern:28567a

Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Tim Shimmin <tes@sgi.com>
This commit is contained in:
David Chinner 2007-05-14 18:24:16 +10:00 committed by Tim Shimmin
parent 40095b64f5
commit 3db296f341
1 changed files with 9 additions and 7 deletions

View File

@ -967,14 +967,16 @@ xlog_iodone(xfs_buf_t *bp)
} else if (iclog->ic_state & XLOG_STATE_IOERROR) {
aborted = XFS_LI_ABORTED;
}
/* log I/O is always issued ASYNC */
ASSERT(XFS_BUF_ISASYNC(bp));
xlog_state_done_syncing(iclog, aborted);
if (!(XFS_BUF_ISASYNC(bp))) {
/*
* Corresponding psema() will be done in bwrite(). If we don't
* vsema() here, panic.
*/
XFS_BUF_V_IODONESEMA(bp);
}
/*
* do not reference the buffer (bp) here as we could race
* with it being freed after writing the unmount record to the
* log.
*/
} /* xlog_iodone */
/*