cifs: fix potential use-after-free in cifs_oplock_break_put
author Jeff Layton <jlayton@redhat.com>
Wed, 10 Nov 2010 15:19:10 +0000 (10:19 -0500)
committer Steve French <sfrench@us.ibm.com>
Wed, 10 Nov 2010 15:37:17 +0000 (15:37 +0000)
cfile may very well be freed after the cifsFileInfo_put. Make sure we
have a valid pointer to the superblock for cifs_sb_deactive.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/file.c

index 06c3e83fa387fecf63b93e33a0455dac6da45f6d..b857ce5db7755143affed1224c778d34ddc77b99 100644 (file)
@@ -2271,8 +2271,10 @@ void cifs_oplock_break_get(struct cifsFileInfo *cfile)
 
 void cifs_oplock_break_put(struct cifsFileInfo *cfile)
 {
+       struct super_block *sb = cfile->dentry->d_sb;
+
        cifsFileInfo_put(cfile);
-       cifs_sb_deactive(cfile->dentry->d_sb);
+       cifs_sb_deactive(sb);
 }
 
 const struct address_space_operations cifs_addr_ops = {
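
Review bot: The new `sb` local in cifs_oplock_break_put() carries no comment explaining why it has to be read before cifsFileInfo_put(cfile), so a later cleanup could easily fold the dereference back into the cifs_sb_deactive() call and reintroduce the use-after-free. A one-line comment above the declaration, noting that cfile may be freed by the put, would document the ordering constraint. Separately, the hunk does not show what keeps the superblock itself valid once cfile is gone; if that is the active reference that cifs_sb_deactive() drops (an assumption, since the matching get path is not in the visible lines), saying so in the commit message would make the lifetime argument complete.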