git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 76429c1)
cifs: Possible slab memory corruption while updating extended stats (repost)
authorShirish Pargaonkar <shirishpargaonkar@gmail.com>
Thu, 3 Feb 2011 20:31:18 +0000 (14:31 -0600)
committerSteve French <sfrench@us.ibm.com>
Fri, 4 Feb 2011 20:18:06 +0000 (20:18 +0000)
Updating extended statistics here can cause slab memory corruption
if a callback function frees slab memory (mid_entry).

Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/connect.c patch | blob | history

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 945b220..1f32a28 100644 (file)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -633,11 +633,11 @@ incomplete_rcv:
                                mid_entry->largeBuf = isLargeBuf;
 multi_t2_fnd:
                                mid_entry->midState = MID_RESPONSE_RECEIVED;
-                               list_del_init(&mid_entry->qhead);
-                               mid_entry->callback(mid_entry);
 #ifdef CONFIG_CIFS_STATS2
                                mid_entry->when_received = jiffies;
 #endif
+                               list_del_init(&mid_entry->qhead);
+                               mid_entry->callback(mid_entry);
                                break;
                        }
                        mid_entry = NULL;
Pandora Kernel Repository