[BTRFS]
authorPierre Schweitzer <pierre@reactos.org>
Tue, 10 May 2016 21:07:56 +0000 (21:07 +0000)
committerPierre Schweitzer <pierre@reactos.org>
Tue, 10 May 2016 21:07:56 +0000 (21:07 +0000)
Cherry pick aa04ca0ea4cadb0c70ff6d659916cc98b7b02c27: uninit: don't free roots before FCBs are freed

This avoids use-after-free on shutdown

svn path=/trunk/; revision=71314

reactos/drivers/filesystems/btrfs/btrfs.c

index a9fb3e5..b31059a 100644 (file)
@@ -2374,6 +2374,13 @@ void STDCALL uninit(device_extension* Vcb, BOOL flush) {
 
         release_tree_lock(Vcb, TRUE);
     }
+    
+    // FIXME - stop async threads
+    
+    free_fcb(Vcb->volume_fcb);
+    free_fileref(Vcb->root_fileref);
+    
+    // FIXME - free any open fcbs?
 
     while (!IsListEmpty(&Vcb->roots)) {
         LIST_ENTRY* le = RemoveHeadList(&Vcb->roots);
@@ -2402,9 +2409,6 @@ void STDCALL uninit(device_extension* Vcb, BOOL flush) {
         ExFreePool(c);
     }
     
-    free_fcb(Vcb->volume_fcb);
-    free_fileref(Vcb->root_fileref);
-    
     for (i = 0; i < Vcb->superblock.num_devices; i++) {
         while (!IsListEmpty(&Vcb->devices[i].disk_holes)) {
             LIST_ENTRY* le = RemoveHeadList(&Vcb->devices[i].disk_holes);