linux_dsm_epyc7002/fs/ceph
Jeff Layton 9c1c2b35f1 ceph: hold extra reference to r_parent over life of request
Currently, we just assume that it will stick around by virtue of the
submitter's reference, but later patches will allow the syscall to
return early and we can't rely on that reference at that point.

While I'm not aware of any reports of it, Xiubo pointed out that this
may fix a use-after-free.  If the wait for a reply times out or is
canceled via signal, and then the reply comes in after the syscall
returns, the client can end up trying to access r_parent without a
reference.

Take an extra reference to the inode when setting r_parent and release
it when releasing the request.

Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2020-01-21 19:02:37 +01:00
acl.c ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx 2019-07-08 14:01:42 +02:00
addr.c ceph: use release_pages() directly 2019-09-16 12:06:25 +02:00
cache.c libceph, rbd, ceph: convert to use the new mount API 2019-11-27 22:28:37 +01:00
cache.h libceph, rbd, ceph: convert to use the new mount API 2019-11-27 22:28:37 +01:00
caps.c ceph: switch to global cap helper 2019-12-09 20:55:10 +01:00
ceph_frag.c
debugfs.c ceph: show tasks waiting on caps in debugfs caps file 2019-12-09 20:55:10 +01:00
dir.c compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
export.c ceph: move static keyword to the front of declarations 2019-09-16 12:06:25 +02:00
file.c compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
inode.c ceph: add missing check in d_revalidate snapdir handling 2019-10-29 22:29:55 +01:00
io.c ceph: add buffered/direct exclusionary locking for reads and writes 2019-09-16 12:06:25 +02:00
io.h ceph: add buffered/direct exclusionary locking for reads and writes 2019-09-16 12:06:25 +02:00
ioctl.c
ioctl.h
Kconfig ceph: add selinux support 2019-07-08 14:01:42 +02:00
locks.c ceph: return -EIO if read/write against filp that lost file locks 2019-09-16 12:06:24 +02:00
Makefile ceph: add buffered/direct exclusionary locking for reads and writes 2019-09-16 12:06:25 +02:00
mds_client.c ceph: hold extra reference to r_parent over life of request 2020-01-21 19:02:37 +01:00
mds_client.h ceph: show tasks waiting on caps in debugfs caps file 2019-12-09 20:55:10 +01:00
mdsmap.c ceph: add more debug info when decoding mdsmap 2019-12-09 20:55:10 +01:00
quota.c ceph: fix infinite loop in get_quota_realm() 2019-07-08 14:01:42 +02:00
snap.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-08-22 10:47:41 +02:00
strings.c
super.c ceph: convert int fields in ceph_mount_options to unsigned int 2019-12-09 20:55:10 +01:00
super.h ceph: convert int fields in ceph_mount_options to unsigned int 2019-12-09 20:55:10 +01:00
xattr.c ceph: allow arbitrary security.* xattrs 2019-09-16 12:06:25 +02:00