diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-12-04 12:46:07 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-12-04 12:46:07 -0800 |
| commit | 849ee3d46a7334e950fb17d1ac2cbe2c6b088f65 (patch) | |
| tree | 454f08ff92b2767c22ff2eacbc895fb23ff17b2e | |
| parent | fb39cbda147082a2e7dc4e2b5f3298448295e3c4 (diff) | |
| parent | 70b16db86f564977df074072143284aec2cb1162 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull Ceph fix from Sage Weil:
"This addresses a refcounting bug that leads to a use-after-free"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
rbd: don't put snap_context twice in rbd_queue_workfn()
| -rw-r--r-- | drivers/block/rbd.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index 235708c7c46e..81ea69fee7ca 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -3442,6 +3442,7 @@ static void rbd_queue_workfn(struct work_struct *work) goto err_rq; } img_request->rq = rq; + snapc = NULL; /* img_request consumes a ref */ if (op_type == OBJ_OP_DISCARD) result = rbd_img_request_fill(img_request, OBJ_REQUEST_NODATA, |