iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12fe3dda7e
linux/fs/ceph
History
Luis Henriques 12fe3dda7e ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 
Calling ceph_buffer_put() in __ceph_build_xattrs_blob() may result in
freeing the i_xattrs.blob buffer while holding the i_ceph_lock.  This can
be fixed by having this function returning the old blob buffer and have
the callers of this function freeing it when the lock is released.

The following backtrace was triggered by fstests generic/117.

  BUG: sleeping function called from invalid context at mm/vmalloc.c:2283
  in_atomic(): 1, irqs_disabled(): 0, pid: 649, name: fsstress
  4 locks held by fsstress/649:
   #0: 00000000a7478e7e (&type->s_umount_key#19){++++}, at: iterate_supers+0x77/0xf0
   #1: 00000000f8de1423 (&(&ci->i_ceph_lock)->rlock){+.+.}, at: ceph_check_caps+0x7b/0xc60
   #2: 00000000562f2b27 (&s->s_mutex){+.+.}, at: ceph_check_caps+0x3bd/0xc60
   #3: 00000000f83ce16a (&mdsc->snap_rwsem){++++}, at: ceph_check_caps+0x3ed/0xc60
  CPU: 1 PID: 649 Comm: fsstress Not tainted 5.2.0+ #439
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-prebuilt.qemu.org 04/01/2014
  Call Trace:
   dump_stack+0x67/0x90
   ___might_sleep.cold+0x9f/0xb1
   vfree+0x4b/0x60
   ceph_buffer_release+0x1b/0x60
   __ceph_build_xattrs_blob+0x12b/0x170
   __send_cap+0x302/0x540
   ? __lock_acquire+0x23c/0x1e40
   ? __mark_caps_flushing+0x15c/0x280
   ? _raw_spin_unlock+0x24/0x30
   ceph_check_caps+0x5f0/0xc60
   ceph_flush_dirty_caps+0x7c/0x150
   ? __ia32_sys_fdatasync+0x20/0x20
   ceph_sync_fs+0x5a/0x130
   iterate_supers+0x8f/0xf0
   ksys_sync+0x4f/0xb0
   __ia32_sys_sync+0xa/0x10
   do_syscall_64+0x50/0x1c0
   entry_SYSCALL_64_after_hwframe+0x49/0xbe
  RIP: 0033:0x7fc6409ab617

Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2019-08-22 10:47:41 +02:00
..
acl.c ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx 2019-07-08 14:01:42 +02:00
addr.c ceph: increment change_attribute on local changes 2019-07-08 14:01:44 +02:00
cache.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 188 2019-05-30 11:29:21 -07:00
cache.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 188 2019-05-30 11:29:21 -07:00
caps.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-08-22 10:47:41 +02:00
ceph_frag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c Lots of exciting things this time! 2019-07-18 11:05:25 -07:00
dir.c Merge branch 'work.dcache2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-20 09:15:51 -07:00
export.c ceph: fix warning PTR_ERR_OR_ZERO can be used 2019-07-08 14:01:42 +02:00
file.c Lots of exciting things this time! 2019-07-18 11:05:25 -07:00
inode.c ceph: use generic_delete_inode() for ->drop_inode 2019-07-08 14:01:45 +02:00
ioctl.c libceph, ceph: move ceph_calc_file_object_mapping() to striper.c 2018-04-02 10:12:43 +02:00
ioctl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig ceph: add selinux support 2019-07-08 14:01:42 +02:00
locks.c ceph: remove duplicated filelock ref increase 2019-05-07 19:22:36 +02:00
Makefile ceph: quota: add initial infrastructure to support cephfs quotas 2018-04-02 11:17:51 +02:00
mds_client.c ceph: add change_attr field to ceph_inode_info 2019-07-08 14:01:43 +02:00
mds_client.h ceph: add change_attr field to ceph_inode_info 2019-07-08 14:01:43 +02:00
mdsmap.c ceph: have MDS map decoding use entity_addr_t decoder 2019-07-08 14:01:43 +02:00
quota.c ceph: fix infinite loop in get_quota_realm() 2019-07-08 14:01:42 +02:00
snap.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-08-22 10:47:41 +02:00
strings.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c Lots of exciting things this time! 2019-07-18 11:05:25 -07:00
super.h ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-08-22 10:47:41 +02:00
xattr.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-08-22 10:47:41 +02:00