linux/fs/ceph
Luis Henriques 53a27c6faf ceph: fix race in concurrent __ceph_remove_cap invocations
commit e5cafce3ad upstream.

A NULL pointer dereference may occur in __ceph_remove_cap with some of the
callbacks used in ceph_iterate_session_caps, namely trim_caps_cb and
remove_session_caps_cb. Those callers hold the session->s_mutex, so they
are prevented from concurrent execution, but ceph_evict_inode does not.

Since the callers of this function hold the i_ceph_lock, the fix is simply
a matter of returning immediately if caps->ci is NULL.

Cc: stable@vger.kernel.org
URL: https://tracker.ceph.com/issues/43272
Suggested-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Luis Henriques <lhenriques@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:13 +01:00
acl.c ceph: return errors from posix_acl_equiv_mode() correctly 2018-08-02 21:26:12 +02:00
addr.c ceph: promote to unsigned long long before shifting 2020-11-05 11:08:53 +01:00
cache.c ceph: use timespec64 for inode timestamp 2018-08-02 21:26:12 +02:00
cache.h ceph: improve fscache revalidation 2016-06-01 10:31:50 +02:00
caps.c ceph: fix race in concurrent __ceph_remove_cap invocations 2020-12-30 11:26:13 +01:00
ceph_frag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c libceph, ceph: change permission for readonly debugfs entries 2018-04-02 10:12:45 +02:00
dir.c ceph: ensure d_name stability in ceph_dentry_hash() 2019-05-02 09:58:54 +02:00
export.c ceph: return ceph_mdsc_do_request() errors from __get_parent() 2020-04-29 16:31:10 +02:00
file.c ceph: don't allow setlease on cephfs 2020-09-09 19:04:23 +02:00
inode.c ceph: ensure we have a new cap before continuing in fill_inode 2020-10-01 13:14:31 +02:00
ioctl.c libceph, ceph: move ceph_calc_file_object_mapping() to striper.c 2018-04-02 10:12:43 +02:00
ioctl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at 2018-01-01 12:45:37 -07:00
locks.c ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply 2019-08-29 08:28:50 +02:00
Makefile ceph: quota: add initial infrastructure to support cephfs quotas 2018-04-02 11:17:51 +02:00
mds_client.c ceph: fix potential mdsc use-after-free crash 2020-09-03 11:24:22 +02:00
mds_client.h ceph: support cephfs' own feature bits 2018-08-13 17:55:44 +02:00
mdsmap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quota.c ceph: quota: fix null pointer dereference in quota check 2018-11-27 16:13:05 +01:00
snap.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-09-10 10:33:52 +01:00
strings.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c ceph: canonicalize server path in place 2020-04-13 10:45:12 +02:00
super.h ceph: canonicalize server path in place 2020-04-13 10:45:12 +02:00
xattr.c ceph: fix "ceph.dir.rctime" vxattr value 2020-01-27 14:51:00 +01:00