Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing
author Ilya Dryomov <idryomov@gmail.com>
Wed, 2 Oct 2013 17:41:01 +0000 (20:41 +0300)
committer Josef Bacik <jbacik@fusionio.com>
Fri, 4 Oct 2013 20:02:14 +0000 (16:02 -0400)
commit 1357272fc7deeebb7b3c5d1a071562edc273cdaf
tree 37af6be54b03e07b4fb06a2ddc4c5ac739c53032
parent 964fb15acfcd672ac691f04879b71f07ccc21e0c
Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing

free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev,
can be processed before btrfs_scratch_superblock is called, which would
result in a use-after-free on btrfs_device contents.  Fix this by
zeroing the superblock before the rcu callback is registered.

Cc: Stefan Behrens <sbehrens@giantdisaster.de>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
fs/btrfs/dev-replace.c
fs/btrfs/volumes.c
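
An added illustration, not part of the commit or the btrfs source: a single-threaded userspace C model of the ordering problem the commit message describes. All names are hypothetical, and the deferred free is modeled by clearing a `live` flag so that the too-late access is detected instead of actually touching freed memory.

```c
#include <string.h>

/* Userspace model only; every name below is hypothetical, not btrfs code. */
struct device {
    int live;               /* cleared where the real callback would free */
    char superblock[8];
};

/* One-slot stand-in for the queue of deferred (RCU-style) callbacks. */
static struct device *pending;
static void defer_free(struct device *d) { pending = d; }

/* Models the grace period ending: the queued callback runs now. */
static void run_deferred(void)
{
    if (pending)
        pending->live = 0;  /* from here on, any access is a use-after-free */
    pending = NULL;
}

/* Zero the superblock; -1 means the device was touched after its free. */
static int scratch_superblock(struct device *d)
{
    if (!d->live)
        return -1;
    memset(d->superblock, 0, sizeof(d->superblock));
    return 0;
}

/* Order before the fix: free is queued first, the device is used after. */
int finish_buggy(struct device *d, int callback_runs_early)
{
    defer_free(d);
    if (callback_runs_early)
        run_deferred();
    int ret = scratch_superblock(d);
    run_deferred();
    return ret;
}

/* Order after the fix: last use of the device precedes queuing the free. */
int finish_fixed(struct device *d, int callback_runs_early)
{
    int ret = scratch_superblock(d);
    defer_free(d);
    if (callback_runs_early)
        run_deferred();
    run_deferred();
    return ret;
}
```

The buggy order only fails when the callback happens to run early, which is why such a bug can go unnoticed in testing; the fixed order is safe regardless of when the callback runs.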