| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Dec 2022 19:05:47 +0100
From: Ilya Dryomov <idryomov@...il.com>
To: xiubli@...hat.com
Cc: jlayton@...nel.org, ceph-devel@...r.kernel.org,
mchangir@...hat.com, lhenriques@...e.de, viro@...iv.linux.org.uk,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH v4 2/2] ceph: add ceph specific member support for file_lock
On Tue, Dec 13, 2022 at 1:11 PM <xiubli@...hat.com> wrote:
>
> From: Xiubo Li <xiubli@...hat.com>
>
> When ceph releasing the file_lock it will try to get the inode pointer
> from the fl->fl_file, which the memory could already be released by
> another thread in filp_close(). Because in VFS layer the fl->fl_file
> doesn't increase the file's reference counter.
>
> Will switch to use ceph dedicate lock info to track the inode.
>
> And in ceph_fl_release_lock() we should skip all the operations if
> the fl->fl_u.ceph_fl.fl_inode is not set, which should come from
> the request file_lock. And we will set fl->fl_u.ceph_fl.fl_inode when
> inserting it to the inode lock list, which is when copying the lock.
>
> Cc: stable@...r.kernel.org
> Cc: Jeff Layton <jlayton@...nel.org>
> URL: https://tracker.ceph.com/issues/57986
> Signed-off-by: Xiubo Li <xiubli@...hat.com>
> ---
> fs/ceph/locks.c | 20 ++++++++++++++++++--
> include/linux/fs.h | 3 +++
> 2 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ceph/locks.c b/fs/ceph/locks.c
> index b191426bf880..cf78608a3f9a 100644
> --- a/fs/ceph/locks.c
> +++ b/fs/ceph/locks.c
> @@ -34,18 +34,34 @@ static void ceph_fl_copy_lock(struct file_lock *dst, struct file_lock *src)
> {
> struct inode *inode = file_inode(dst->fl_file);
> atomic_inc(&ceph_inode(inode)->i_filelock_ref);
> + dst->fl_u.ceph.fl_inode = igrab(inode);
> }
>
> +/*
> + * Do not use the 'fl->fl_file' in release function, which
> + * is possibly already released by another thread.
> + */
> static void ceph_fl_release_lock(struct file_lock *fl)
> {
> - struct inode *inode = file_inode(fl->fl_file);
> - struct ceph_inode_info *ci = ceph_inode(inode);
> + struct inode *inode = fl->fl_u.ceph.fl_inode;
> + struct ceph_inode_info *ci;
> +
> + /*
> + * If inode is NULL it should be a request file_lock,
> + * nothing we can do.
> + */
> + if (!inode)
> + return;
> +
> + ci = ceph_inode(inode);
> if (atomic_dec_and_test(&ci->i_filelock_ref)) {
> /* clear error when all locks are released */
> spin_lock(&ci->i_ceph_lock);
> ci->i_ceph_flags &= ~CEPH_I_ERROR_FILELOCK;
> spin_unlock(&ci->i_ceph_lock);
> }
> + fl->fl_u.ceph.fl_inode = NULL;
> + iput(inode);
> }
>
> static const struct file_lock_operations ceph_fl_lock_ops = {
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 7b52fdfb6da0..6106374f5257 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1119,6 +1119,9 @@ struct file_lock {
> int state; /* state of grant or error if -ve */
> unsigned int debug_id;
> } afs;
> + struct {
> + struct inode *fl_inode;
Hi Xiubo,
Nit: I think it could be just "inode", without the prefix which is
already present in the union field name.
Thanks,
Ilya
Powered by blists - more mailing lists