git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Yan, Zheng <zyan@redhat.com>
	Mon, 27 Nov 2017 03:23:48 +0000 (11:23 +0800)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Tue, 2 Jul 2019 16:30:46 +0000 (18:30 +0200)
commit	48697e8a03441e7f02868b8ae6af7fab0a3a322b
tree	43997a55ca03ebee7f28c1370903973fc4e27b2f	tree
parent	d91016e8b7f0092f834991ca9ba129a0c39fedda	commit \| diff

ceph: avoid dereferencing invalid pointer during cached readdir

BugLink: https://bugs.launchpad.net/bugs/1834235
Readdir cache keeps array of dentry pointers in page cache. If any
dentry in readdir cache gets pruned, ceph_d_prune() disables readdir
cache for later readdir syscall. The problem is that ceph_d_prune()
ignores unhashed dentry. Ideally MDS should have already revoked
CEPH_CAP_FILE_SHARED (which also disables readdir cache) when dentry
gets unhashed. But if it is somehow MDS does not properly revoke
CEPH_CAP_FILE_SHARED and the unhashed dentry gets pruned later,
ceph_d_prune() will not disable readdir cache, later readdir may
reference invalid dentry pointer.

The fix is make ceph_d_prune() do extra check for unhashed dentry.
Disable readdir cache if the unhashed dentry is still referenced
by readdir cache.

Another fix in this patch is handle d_splice_alias(). If a dentry
gets spliced into new parent dentry, treat it as if it was pruned
(call ceph_d_prune() for it).

Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 5495c2d04f85da09512f5f346ed24dc0261d905d)
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

fs/ceph/dir.c		diff \| blob \| blame \| history
fs/ceph/inode.c		diff \| blob \| blame \| history