mirror of
https://github.com/versity/scoutfs.git
synced 2026-02-09 20:20:08 +00:00
The idr entry that identifies a lock's position in the debugfs locks file is allocated early in the process of building up a lock. Today the idr entry is only destroyed in put_(), which is called later once reference counts are established. Errors before then just call free_() and can leave idrs around that reference freed memory.

This always destroys the idr entry in free_(). We no longer leave idr entries around that reference freed memory.

This fixes use after free while walking the debugfs file which can hit in scoutfs/006 which uses the locks file.

Signed-off-by: Zach Brown <zab@versity.com>
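
The lifetime rule the commit message describes, as an added userspace example that is not scoutfs code: a fixed array stands in for the kernel idr, and every name here (`registry`, `lock_create`, `lock_free`, `remove_in_free`, `fail_late`) is hypothetical. It counts the entries a walker would still visit after a lock build fails once its id is registered, without ever dereferencing the freed object.

```c
#include <stdbool.h>
#include <stdlib.h>
#define MAX_IDS 16
/* Userspace stand-in for the kernel idr: id -> object pointer. */
struct registry { bool used[MAX_IDS]; void *ptr[MAX_IDS]; };
struct lock { int id; struct registry *reg; };

static int reg_alloc(struct registry *r, void *p)
{
    for (int i = 0; i < MAX_IDS; i++)
        if (!r->used[i]) { r->used[i] = true; r->ptr[i] = p; return i; }
    return -1;
}

/* Entries a debugfs-style walker would visit and dereference. */
static int reg_count(const struct registry *r)
{
    int n = 0;
    for (int i = 0; i < MAX_IDS; i++)
        n += r->used[i];
    return n;
}

/* remove_in_free=false models the old free path; true models the fix. */
static void lock_free(struct lock *lck, bool remove_in_free)
{
    if (remove_in_free)
        lck->reg->used[lck->id] = false; /* plays the role of idr removal */
    free(lck);
}

/* fail_late simulates an error after the id is already registered. */
static struct lock *lock_create(struct registry *r, bool fail_late, bool remove_in_free)
{
    struct lock *lck = calloc(1, sizeof(*lck));
    if (!lck) return NULL;
    lck->reg = r;
    lck->id = reg_alloc(r, lck);
    if (lck->id < 0) { free(lck); return NULL; }
    if (fail_late) { lock_free(lck, remove_in_free); return NULL; }
    return lck;
}

/* Stale entries left by one failed build: 1 with the old path, 0 with the fix. */
static int stale_after_failed_create(bool remove_in_free)
{
    struct registry r = {0};
    lock_create(&r, true, remove_in_free);
    return reg_count(&r);
}
```

Tying the id's removal to the same function that frees the memory means no error path can leave the two out of step.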