Commit adf0d687 authored by Jeff Layton, committed by Ilya Dryomov

ceph: fix unsafe dcache access in ceph_encode_dentry_release

Accessing d_parent requires some sort of locking or it could vanish
out from under us. Since we take the d_lock anyway, use that to fetch
d_parent and take a reference to it, and then use that reference to
call ceph_encode_inode_release.

Link: http://tracker.ceph.com/issues/18148
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
parent fd36a717
...@@ -3926,7 +3926,7 @@ int ceph_encode_inode_release(void **p, struct inode *inode, ...@@ -3926,7 +3926,7 @@ int ceph_encode_inode_release(void **p, struct inode *inode,
int ceph_encode_dentry_release(void **p, struct dentry *dentry, int ceph_encode_dentry_release(void **p, struct dentry *dentry,
int mds, int drop, int unless) int mds, int drop, int unless)
{ {
struct inode *dir = d_inode(dentry->d_parent); struct dentry *parent;
struct ceph_mds_request_release *rel = *p; struct ceph_mds_request_release *rel = *p;
struct ceph_dentry_info *di = ceph_dentry(dentry); struct ceph_dentry_info *di = ceph_dentry(dentry);
int force = 0; int force = 0;
...@@ -3941,9 +3941,12 @@ int ceph_encode_dentry_release(void **p, struct dentry *dentry, ...@@ -3941,9 +3941,12 @@ int ceph_encode_dentry_release(void **p, struct dentry *dentry,
spin_lock(&dentry->d_lock); spin_lock(&dentry->d_lock);
if (di->lease_session && di->lease_session->s_mds == mds) if (di->lease_session && di->lease_session->s_mds == mds)
force = 1; force = 1;
parent = dget(dentry->d_parent);
spin_unlock(&dentry->d_lock); spin_unlock(&dentry->d_lock);
ret = ceph_encode_inode_release(p, dir, mds, drop, unless, force); ret = ceph_encode_inode_release(p, d_inode(parent), mds, drop,
unless, force);
dput(parent);
spin_lock(&dentry->d_lock); spin_lock(&dentry->d_lock);
if (ret && di->lease_session && di->lease_session->s_mds == mds) { if (ret && di->lease_session && di->lease_session->s_mds == mds) {
......