linux/fs/ceph
Xiubo Li d033576669 ceph: fix potential mdsc use-after-free crash
[ Upstream commit fa99677342 ]

Make sure the delayed work stopped before releasing the resources.

cancel_delayed_work_sync() will only guarantee that the work finishes
executing if the work is already in the ->worklist.  That means after
the cancel_delayed_work_sync() returns, it will leave the work requeued
if it was rearmed at the end. That can lead to a use after free once the
work struct is freed.

Fix it by flushing the delayed work instead of trying to cancel it, and
ensure that the work doesn't rearm if the mdsc is stopping.

URL: https://tracker.ceph.com/issues/46293
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-09-03 11:24:22 +02:00
acl.c ceph: return errors from posix_acl_equiv_mode() correctly 2018-08-02 21:26:12 +02:00
addr.c ceph: clear page dirty before invalidate page 2019-08-29 08:28:50 +02:00
cache.c ceph: use timespec64 for inode timestamp 2018-08-02 21:26:12 +02:00
cache.h
caps.c ceph: fix double unlock in handle_cap_export() 2020-05-27 17:37:34 +02:00
ceph_frag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c libceph, ceph: change permission for readonly debugfs entries 2018-04-02 10:12:45 +02:00
dir.c ceph: ensure d_name stability in ceph_dentry_hash() 2019-05-02 09:58:54 +02:00
export.c ceph: return ceph_mdsc_do_request() errors from __get_parent() 2020-04-29 16:31:10 +02:00
file.c ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL 2020-04-02 15:28:16 +02:00
inode.c ceph: fix dentry leak in ceph_readdir_prepopulate 2019-12-01 09:16:48 +01:00
ioctl.c libceph, ceph: move ceph_calc_file_object_mapping() to striper.c 2018-04-02 10:12:43 +02:00
ioctl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at 2018-01-01 12:45:37 -07:00
locks.c ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply 2019-08-29 08:28:50 +02:00
Makefile ceph: quota: add initial infrastructure to support cephfs quotas 2018-04-02 11:17:51 +02:00
mds_client.c ceph: fix potential mdsc use-after-free crash 2020-09-03 11:24:22 +02:00
mds_client.h ceph: support cephfs' own feature bits 2018-08-13 17:55:44 +02:00
mdsmap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quota.c ceph: quota: fix null pointer dereference in quota check 2018-11-27 16:13:05 +01:00
snap.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-09-10 10:33:52 +01:00
strings.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c ceph: canonicalize server path in place 2020-04-13 10:45:12 +02:00
super.h ceph: canonicalize server path in place 2020-04-13 10:45:12 +02:00
xattr.c ceph: fix "ceph.dir.rctime" vxattr value 2020-01-27 14:51:00 +01:00