mirror of
git://git.yoctoproject.org/linux-yocto.git
synced 2025-10-22 15:03:53 +02:00
305935130d
commit bec324f33d1ed346394b2eee25bf6dbf3511f727 upstream. When the parent directory's i_rwsem is not locked, req->r_parent may become stale due to concurrent operations (e.g. rename) between dentry lookup and message creation. Validate that r_parent matches the encoded parent inode and update to the correct inode if a mismatch is detected. [ idryomov: folded a follow-up fix from Alex to drop extra reference from ceph_get_reply_dir() in ceph_fill_trace(): ceph_get_reply_dir() may return a different, referenced inode when r_parent is stale and the parent directory lock is not held. ceph_fill_trace() used that inode but failed to drop the reference when it differed from req->r_parent, leaking an inode reference. Keep the directory inode in a local variable and iput() it at function end if it does not match req->r_parent. ] Cc: stable@vger.kernel.org Signed-off-by: Alex Markuze <amarkuze@redhat.com> Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| acl.c | ||
| addr.c | ||
| cache.c | ||
| cache.h | ||
| caps.c | ||
| ceph_frag.c | ||
| crypto.c | ||
| crypto.h | ||
| debugfs.c | ||
| dir.c | ||
| export.c | ||
| file.c | ||
| inode.c | ||
| io.c | ||
| io.h | ||
| ioctl.c | ||
| ioctl.h | ||
| Kconfig | ||
| locks.c | ||
| Makefile | ||
| mds_client.c | ||
| mds_client.h | ||
| mdsmap.c | ||
| mdsmap.h | ||
| metric.c | ||
| metric.h | ||
| quota.c | ||
| snap.c | ||
| strings.c | ||
| super.c | ||
| super.h | ||
| util.c | ||
| xattr.c | ||