From 61c9f8797771c951ecd240981d7d97d5adc685e0 Mon Sep 17 00:00:00 2001
From: Bobi Jam <bobijam@whamcloud.com>
Date: Wed, 24 Jul 2019 21:24:01 +0800
Subject: [PATCH] LU-12581 osc: prevent use after free

Clear aa_oa after it's been freed to prevent use after free.

Signed-off-by: Bobi Jam <bobijam@whamcloud.com>
Change-Id: Idf122aa53fe5b13c07337745e5a26763e8712be2
Reviewed-on: https://review.whamcloud.com/35601
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/osc/osc_request.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lustre/osc/osc_request.c b/lustre/osc/osc_request.c
index 59d6bc6..a29d49f 100644
--- a/lustre/osc/osc_request.c
+++ b/lustre/osc/osc_request.c
@@ -751,6 +751,7 @@ static int osc_shrink_grant_interpret(const struct lu_env *env,
 	osc_update_grant(cli, body);
 out:
 	OBD_SLAB_FREE_PTR(aa->aa_oa, osc_obdo_kmem);
+	aa->aa_oa = NULL;
 
 	return rc;
 }
@@ -2123,6 +2124,7 @@ static int brw_interpret(const struct lu_env *env,
 		cl_object_attr_unlock(obj);
 	}
 	OBD_SLAB_FREE_PTR(aa->aa_oa, osc_obdo_kmem);
+	aa->aa_oa = NULL;
 
 	if (lustre_msg_get_opc(req->rq_reqmsg) == OST_WRITE && rc == 0)
 		osc_inc_unstable_pages(req);
-- 
1.8.3.1