authorLuis Henriques <lhenriques@suse.com>2019-02-18 15:52:10 +0000
committerLuis Henriques <lhenriques@suse.com>2019-02-18 15:52:14 +0000
commit3ea90154cb0f2ba95a602716d8e56a72b727c96a (patch)
tree111a18ea21b953b4e28088a4fc874317406467b5
parent90ba0219e994d43927d8fc3b916654b8a441dd70 (diff)
ceph: clear inode pointer when snap realm gets dropped by its
inode (bsc#1125809).
-rw-r--r--patches.fixes/ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch31
-rw-r--r--series.conf1
2 files changed, 32 insertions, 0 deletions
diff --git a/patches.fixes/ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch b/patches.fixes/ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
new file mode 100644
index 0000000000..2269f5500a
--- /dev/null
+++ b/patches.fixes/ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
@@ -0,0 +1,31 @@
+From: "Yan, Zheng" <zyan@redhat.com>
+Date: Thu, 10 Jan 2019 15:41:09 +0800
+Subject: ceph: clear inode pointer when snap realm gets dropped by its inode
+Git-commit: d95e674c01cfb5461e8b9fdeebf6d878c9b80b2f
+Patch-mainline: v5.0-rc4
+References: bsc#1125809
+
+snap realm and corresponding inode have pointers to each other.
+The two pointer should get clear at the same time. Otherwise,
+snap realm's pointer may reference freed inode.
+
+Cc: stable@vger.kernel.org # 4.17+
+Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
+Reviewed-by: Luis Henriques <lhenriques@suse.com>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ fs/ceph/caps.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/ceph/caps.c
++++ b/fs/ceph/caps.c
+@@ -936,6 +936,8 @@ static void drop_inode_snap_realm(struct
+ list_del_init(&ci->i_snap_realm_item);
+ ci->i_snap_realm_counter++;
+ ci->i_snap_realm = NULL;
++ if (realm->ino == ci->i_vino.ino)
++ realm->inode = NULL;
+ spin_unlock(&realm->inodes_with_caps_lock);
+ ceph_put_snap_realm(ceph_sb_to_client(ci->vfs_inode.i_sb)->mdsc,
+ realm);
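Review bot: The two added lines in drop_inode_snap_realm() have no comment saying why `realm->inode` is cleared only when `realm->ino == ci->i_vino.ino`, and the reason given in the patch description (a stale pointer to a freed inode) is easy to lose in a later refactor. I would add above the `if`: `/* realm->inode points back at the realm's own inode; clear it together with ci->i_snap_realm so it cannot outlive the inode */`. The store sits before `spin_unlock(&realm->inodes_with_caps_lock)`, so it presumably closes the use-after-free window only if every reader of `realm->inode` takes that same lock; those readers are outside this hunk and worth confirming in the backport target. The function body starts and ends outside the hunk.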
diff --git a/series.conf b/series.conf
index 71f7905985..9c54414a1c 100644
--- a/series.conf
+++ b/series.conf
@@ -24249,6 +24249,7 @@
patches.fixes/0001-fbdev-fbcon-Fix-unregister-crash-when-more-than-one-.patch
patches.fixes/rbd-don-t-return-0-on-unmap-if-rbd_dev_flag_removing-is-set.patch
patches.suse/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch
+ patches.fixes/ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
patches.drivers/ibmveth-Do-not-process-frames-after-calling-napi_res.patch
patches.fixes/acpi-nfit-block-function-zero-dsms.patch
patches.fixes/acpi-nfit-fix-command-supported-detection.patch