diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-01-06 12:11:41 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-01-06 12:11:41 -0800 |
commit | 5c1a712f71286b8435d48e3be5f8faf39a4cc837 (patch) | |
tree | 6d8a6f981569ac5f914ea389ec3286f274c4721d /fs/ceph/locks.c | |
parent | 7b8c854cfe8c94b2ec382a3632b1bd7c970c80b4 (diff) | |
parent | 8e1858710d9a71d88acd922f2e95d1eddb90eea0 (diff) | |
download | linux-stable-5c1a712f71286b8435d48e3be5f8faf39a4cc837.tar.gz linux-stable-5c1a712f71286b8435d48e3be5f8faf39a4cc837.tar.bz2 linux-stable-5c1a712f71286b8435d48e3be5f8faf39a4cc837.zip |
Merge tag 'ceph-for-6.2-rc3' of https://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"Two file locking fixes from Xiubo"
* tag 'ceph-for-6.2-rc3' of https://github.com/ceph/ceph-client:
ceph: avoid use-after-free in ceph_fl_release_lock()
ceph: switch to vfs_inode_has_locks() to fix file lock bug
Diffstat (limited to 'fs/ceph/locks.c')
-rw-r--r-- | fs/ceph/locks.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/fs/ceph/locks.c b/fs/ceph/locks.c index f3b461c708a8..9c8dc8a55e7e 100644 --- a/fs/ceph/locks.c +++ b/fs/ceph/locks.c @@ -32,24 +32,36 @@ void __init ceph_flock_init(void) static void ceph_fl_copy_lock(struct file_lock *dst, struct file_lock *src) { - struct ceph_file_info *fi = dst->fl_file->private_data; struct inode *inode = file_inode(dst->fl_file); atomic_inc(&ceph_inode(inode)->i_filelock_ref); - atomic_inc(&fi->num_locks); + dst->fl_u.ceph.inode = igrab(inode); } +/* + * Do not use the 'fl->fl_file' in release function, which + * is possibly already released by another thread. + */ static void ceph_fl_release_lock(struct file_lock *fl) { - struct ceph_file_info *fi = fl->fl_file->private_data; - struct inode *inode = file_inode(fl->fl_file); - struct ceph_inode_info *ci = ceph_inode(inode); - atomic_dec(&fi->num_locks); + struct inode *inode = fl->fl_u.ceph.inode; + struct ceph_inode_info *ci; + + /* + * If inode is NULL it should be a request file_lock, + * nothing we can do. + */ + if (!inode) + return; + + ci = ceph_inode(inode); if (atomic_dec_and_test(&ci->i_filelock_ref)) { /* clear error when all locks are released */ spin_lock(&ci->i_ceph_lock); ci->i_ceph_flags &= ~CEPH_I_ERROR_FILELOCK; spin_unlock(&ci->i_ceph_lock); } + fl->fl_u.ceph.inode = NULL; + iput(inode); } static const struct file_lock_operations ceph_fl_lock_ops = { |