From: Sage Weil <sage@newdream.net>
Date: Thu, 29 Apr 2010 16:28:11 +0000 (-0700)
Subject: ceph: fix xattr dangling pointer / double free
X-Git-Tag: v2.6.35-rc1~419^2~31
X-Git-Url: http://bbs.cooldavid.org/git/?a=commitdiff_plain;h=a6424e48c8d54a5795430b07c4487f1ed280df4e;p=net-next-2.6.git

ceph: fix xattr dangling pointer / double free

If we use the xattr_blob, clear the pointer so we don't release the memory
at the bottom of the fuction.

Reported-by: Henry C Chang <henry_c_chang@tcloudcomputing.com>
Signed-off-by: Sage Weil <sage@newdream.net>
---

diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index ef917232cf3..913cafd70cd 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -619,6 +619,7 @@ static int fill_inode(struct inode *inode,
 			memcpy(ci->i_xattrs.blob->vec.iov_base,
 			       iinfo->xattr_data, iinfo->xattr_len);
 		ci->i_xattrs.version = le64_to_cpu(info->xattr_version);
+		xattr_blob = NULL;
 	}
 
 	inode->i_mapping->a_ops = &ceph_aops;