From patchwork Thu Jan 10 08:03:59 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Yan, Zheng" <zyan@redhat.com>
X-Patchwork-Id: 10755283
Return-Path: <ceph-devel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D8FC113B5
	for <patchwork-ceph-devel@patchwork.kernel.org>;
 Thu, 10 Jan 2019 08:04:05 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CB311280FC
	for <patchwork-ceph-devel@patchwork.kernel.org>;
 Thu, 10 Jan 2019 08:04:05 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id BC8B528481; Thu, 10 Jan 2019 08:04:05 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 76D3A280FC
	for <patchwork-ceph-devel@patchwork.kernel.org>;
 Thu, 10 Jan 2019 08:04:05 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727643AbfAJIED (ORCPT
        <rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
        Thu, 10 Jan 2019 03:04:03 -0500
Received: from mx1.redhat.com ([209.132.183.28]:56952 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727401AbfAJIED (ORCPT <rfc822;ceph-devel@vger.kernel.org>);
        Thu, 10 Jan 2019 03:04:03 -0500
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 80ABA6147B;
        Thu, 10 Jan 2019 08:04:03 +0000 (UTC)
Received: from zhyan-laptop.redhat.com (ovpn-12-104.pek2.redhat.com
 [10.72.12.104])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 0193C68B09;
        Thu, 10 Jan 2019 08:04:01 +0000 (UTC)
From: "Yan, Zheng" <zyan@redhat.com>
To: ceph-devel@vger.kernel.org
Cc: lhenriques@suse.com
Subject: [PATCH] ceph: clear inode pointer when snap realm gets dropped by its
 inode
Date: Thu, 10 Jan 2019 16:03:59 +0800
Message-Id: <20190110080359.19469-1-zyan@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]);
 Thu, 10 Jan 2019 08:04:03 +0000 (UTC)
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

snap realm and corresponding inode have pointers to each other.
The two pointer should get clear at the same time. Otherwise,
snap realm's pointer may reference freed inode.

Cc: stable@vger.kernel.org #4.17+
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Luis Henriques <lhenriques@suse.com>
---
 fs/ceph/caps.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 9a7c999d608b..0eaf1b48c431 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -1035,6 +1035,8 @@ static void drop_inode_snap_realm(struct ceph_inode_info *ci)
 	list_del_init(&ci->i_snap_realm_item);
 	ci->i_snap_realm_counter++;
 	ci->i_snap_realm = NULL;
+	if (realm->ino == ci->i_vino.ino)
+		realm->inode = NULL;
 	spin_unlock(&realm->inodes_with_caps_lock);
 	ceph_put_snap_realm(ceph_sb_to_client(ci->vfs_inode.i_sb)->mdsc,
 			    realm);