On Mon, Nov 26, 2018 at 09:17:50AM -0500, Brian Foster wrote:
> On Mon, Nov 26, 2018 at 06:36:19PM +0800, PanBian wrote:
> > On Mon, Nov 26, 2018 at 10:31:39AM +0100, Carlos Maiolino wrote:
> > > On Sat, Nov 24, 2018 at 05:44:20PM +0800, Pan Bian wrote:
> > > > The function xfs_alloc_get_freelist c
On Mon, Nov 26, 2018 at 06:36:19PM +0800, PanBian wrote:
> On Mon, Nov 26, 2018 at 10:31:39AM +0100, Carlos Maiolino wrote:
> > On Sat, Nov 24, 2018 at 05:44:20PM +0800, Pan Bian wrote:
> > > The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
> > > reference. In this case, pag may
On Mon, Nov 26, 2018 at 10:31:39AM +0100, Carlos Maiolino wrote:
> On Sat, Nov 24, 2018 at 05:44:20PM +0800, Pan Bian wrote:
> > The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
> > reference. In this case, pag may be released. However,
> > pag->pagf_btreeblks is read and write a
On Sat, Nov 24, 2018 at 05:44:20PM +0800, Pan Bian wrote:
> The function xfs_alloc_get_freelist calls xfs_perag_put to drop the
> reference. In this case, pag may be released. However,
> pag->pagf_btreeblks is read and write after the put operation. This may
> result in a use-after-free bug. This p
4 matches
Mail list logo
