    GFS2: Fix kernel NULL pointer dereference by dlm_astd · b1becbde
    Bob Peterson authored
    This patch fixes a problem in an error path when looking
    up dinodes.  There are two sister-functions, gfs2_inode_lookup
    and gfs2_process_unlinked_inode.  Both functions acquire and
    hold the i_iopen glock for the dinode being looked up. The last
    thing they try to do is hold the i_gl glock for the dinode.
    If that glock fails for some reason, the error path was
    incorrectly calling gfs2_glock_put for the i_iopen glock twice.
    This resulted in the glock being prematurely freed.  The
    "minimum hold time" usually kept the glock in memory, but the
    lock interface to dlm (aka lock_dlm) freed its memory for the
    glock.  In some circumstances, it would cause dlm's dlm_astd daemon
    to try to call the bast function for the freed lock_dlm memory,
    which resulted in a NULL pointer dereference.
    Signed-off-by: Bob Peterson <rpeterso@redhat.com>
    Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
inode.c 26.4 KB
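
The double-put error path described in the commit message, reduced to a toy refcount model. This is an added example, not code from the GFS2 patch: `toy_lock`, `lookup_buggy`, `lookup_fixed`, `freed_early` and the stage numbers are hypothetical, and the hardened form shows one common idiom, not necessarily the change the patch makes.

```c
#include <stdio.h>
/* Toy stand-in for a glock: a refcount plus a flag recording the release,
 * so the premature free is observable without touching freed memory. */
struct toy_lock { int refs; int freed; };

static void toy_hold(struct toy_lock *l) { l->refs++; }
static void toy_put(struct toy_lock *l) { if (--l->refs == 0) l->freed = 1; }

/* Buggy shape: the late-failure path puts the lock, then falls through
 * into the shared cleanup label, which puts it a second time. */
static int lookup_buggy(struct toy_lock *iopen, int stage_that_fails)
{
    toy_hold(iopen);                      /* reference taken by the lookup */
    if (stage_that_fails == 1) goto fail_iopen;
    if (stage_that_fails == 2) goto fail_second;
    return 0;
fail_second:
    toy_put(iopen);                       /* drops the lookup's reference */
fail_iopen:
    toy_put(iopen);                       /* second put: drops another owner's reference */
    return -1;
}

/* Hardened shape: one put per hold. The local pointer is cleared once the
 * reference is gone, so the shared label cannot drop it again. */
static int lookup_fixed(struct toy_lock *iopen, int stage_that_fails)
{
    struct toy_lock *held = iopen;
    toy_hold(held);
    if (stage_that_fails == 1) goto fail_iopen;
    /* stage 2 models a step that has already released the reference */
    if (stage_that_fails == 2) { toy_put(held); held = NULL; goto fail_iopen; }
    return 0;
fail_iopen:
    if (held) toy_put(held);
    return -1;
}

/* Returns 1 if the lock was released while another owner still held it. */
static int freed_early(int (*lookup)(struct toy_lock *, int), int stage)
{
    struct toy_lock l = { 1, 0 };         /* refs=1: constructed, held by another owner */
    lookup(&l, stage);
    return l.freed;
}
int main(void)
{
    printf("buggy=%d fixed=%d\n", freed_early(lookup_buggy, 2), freed_early(lookup_fixed, 2));
    return 0;
}
```

Only the late failure (stage 2) releases the lock early in the buggy form, which matches the commit's point that the defect sat in an error path reached when the last lock acquisition fails.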