Skip to content
Commit 17e1c0af authored by Sayali Lokhande's avatar Sayali Lokhande Committed by Your Name
Browse files

fs: namespace: Fix use-after-free in unmount 



During unmount, there is a chance that mntput_no_expire()
scheduled delayed_mntput_work() or in case MNT_INTERNAL
flag is set it can directly call cleanup_mnt().
This results in use-after-free in umount_end check as
mnt is already freed via below path :
cleanup_mnt()->delayed_free_mnt()->free_vfsmnt().

Fix this by moving unmount_end() before mntput_no_expire.

Change-Id: Ib3468ca3b1b3c137484b70972db5d5569f2f2753
Signed-off-by: default avatarSayali Lokhande <sayalil@codeaurora.org>
Signed-off-by: default avatarJprimero15 <jprimero155@gmail.com>
parent bd6ad3b1
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment