cifs: Possible slab memory corruption while updating extended stats (…

…repost) Updating extended statistics here can cause slab memory corruption if a callback function frees slab memory (mid_entry). Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
mariux64 · Feb 4, 2011 · 64474bd · 64474bd
1 parent 76429c1
commit 64474bd
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
@@ -633,11 +633,11 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
 				mid_entry->largeBuf = isLargeBuf;
 multi_t2_fnd:
 				mid_entry->midState = MID_RESPONSE_RECEIVED;
-				list_del_init(&mid_entry->qhead);
-				mid_entry->callback(mid_entry);
 #ifdef CONFIG_CIFS_STATS2
 				mid_entry->when_received = jiffies;
 #endif
+				list_del_init(&mid_entry->qhead);
+				mid_entry->callback(mid_entry);
 				break;
 			}
 			mid_entry = NULL;