Google Git
Sign in
kernel / pub / scm / linux / kernel / git / stable / stable-queue / b804c8bb62fd880ad7f03fc0f376242587025a2e / . / releases / 4.20.6 / ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
blob: c487c4230ee2a9f9eab9c70a9ce3a09b09f849fc [file] [log] [blame]
From d95e674c01cfb5461e8b9fdeebf6d878c9b80b2f Mon Sep 17 00:00:00 2001
From: "Yan, Zheng" <zyan@redhat.com>
Date: Thu, 10 Jan 2019 15:41:09 +0800
Subject: ceph: clear inode pointer when snap realm gets dropped by its inode
From: Yan, Zheng <zyan@redhat.com>
commit d95e674c01cfb5461e8b9fdeebf6d878c9b80b2f upstream.
snap realm and corresponding inode have pointers to each other.
The two pointer should get clear at the same time. Otherwise,
snap realm's pointer may reference freed inode.
Cc: stable@vger.kernel.org # 4.17+
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Luis Henriques <lhenriques@suse.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/caps.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -1032,6 +1032,8 @@ static void drop_inode_snap_realm(struct
list_del_init(&ci->i_snap_realm_item);
ci->i_snap_realm_counter++;
ci->i_snap_realm = NULL;
+ if (realm->ino == ci->i_vino.ino)
+ realm->inode = NULL;
spin_unlock(&realm->inodes_with_caps_lock);
ceph_put_snap_realm(ceph_sb_to_client(ci->vfs_inode.i_sb)->mdsc,
realm);