ceph: clear inode pointer when snap realm gets dropped by its inode

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

snap realm and corresponding inode have pointers to each other.
The two pointer should get clear at the same time. Otherwise,
snap realm's pointer may reference freed inode.

Cc: stable@vger.kernel.org # 4.17+
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Luis Henriques <lhenriques@suse.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

authored by

Yan, Zheng and committed by

Ilya Dryomov 7 years ago d95e674c 49a57857

1 changed file

expand all

ceph

caps.c

fs/ceph/caps.c

··· 1035 1035 list_del_init(&ci->i_snap_realm_item); 1036 1036 ci->i_snap_realm_counter++; 1037 1037 ci->i_snap_realm = NULL; 1038 + if (realm->ino == ci->i_vino.ino) 1039 + realm->inode = NULL; 1038 1040 spin_unlock(&realm->inodes_with_caps_lock); 1039 1041 ceph_put_snap_realm(ceph_sb_to_client(ci->vfs_inode.i_sb)->mdsc, 1040 1042 realm);