diff options
| author | Jens Axboe <jaxboe@fusionio.com> | 2010-10-23 20:40:26 +0200 | 
|---|---|---|
| committer | Jens Axboe <jaxboe@fusionio.com> | 2010-10-23 20:40:26 +0200 | 
| commit | 7ad58c028652753814054f4e3ac58f925e7343f4 (patch) | |
| tree | 2e3bc1c5e3c98078b970483cd49a49d7c1ae0dcf /tools/perf/util/annotate.c | |
| parent | 7f3883962870dd28b5f2322ac44a9d03640ef448 (diff) | |
block: fix use-after-free bug in blk throttle code
blk_throtl_exit() frees the throttle data hanging off the queue
in blk_cleanup_queue(), but blk_put_queue() will indirectly
dereference this data when calling blk_sync_queue() which in
turns calls throtl_shutdown_timer_wq().
Fix this by moving the freeing of the throttle data to when
the queue is truly being released, and post the call to
blk_sync_queue().
Reported-by: Ingo Molnar <mingo@elte.hu>
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Diffstat (limited to 'tools/perf/util/annotate.c')
0 files changed, 0 insertions, 0 deletions
