* [PATCH] ceph: fix NULL pointer dereference for req->r_session
@ 2022-10-27 9:11 xiubli
2022-11-07 14:55 ` Ilya Dryomov
0 siblings, 1 reply; 3+ messages in thread
From: xiubli @ 2022-10-27 9:11 UTC (permalink / raw)
To: ceph-devel; +Cc: lhenriques, jlayton, mchangir, idryomov, Xiubo Li, stable
From: Xiubo Li <xiubli@redhat.com>
The request's r_session maybe changed when it was forwarded or
resent.
Cc: stable@vger.kernel.org
Signed-off-by: Xiubo Li <xiubli@redhat.com>
---
fs/ceph/caps.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 894adfb4a092..d34ac716d7fe 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2341,6 +2341,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
goto out;
}
+ mutex_lock(&mdsc->mutex);
spin_lock(&ci->i_unsafe_lock);
if (req1) {
list_for_each_entry(req, &ci->i_unsafe_dirops,
@@ -2350,6 +2351,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
continue;
if (unlikely(s->s_mds >= max_sessions)) {
spin_unlock(&ci->i_unsafe_lock);
+ mutex_unlock(&mdsc->mutex);
for (i = 0; i < max_sessions; i++) {
s = sessions[i];
if (s)
@@ -2372,6 +2374,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
continue;
if (unlikely(s->s_mds >= max_sessions)) {
spin_unlock(&ci->i_unsafe_lock);
+ mutex_unlock(&mdsc->mutex);
for (i = 0; i < max_sessions; i++) {
s = sessions[i];
if (s)
@@ -2387,6 +2390,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
}
}
spin_unlock(&ci->i_unsafe_lock);
+ mutex_unlock(&mdsc->mutex);
/* the auth MDS */
spin_lock(&ci->i_ceph_lock);
--
2.31.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] ceph: fix NULL pointer dereference for req->r_session
2022-10-27 9:11 [PATCH] ceph: fix NULL pointer dereference for req->r_session xiubli
@ 2022-11-07 14:55 ` Ilya Dryomov
2022-11-08 3:35 ` Xiubo Li
0 siblings, 1 reply; 3+ messages in thread
From: Ilya Dryomov @ 2022-11-07 14:55 UTC (permalink / raw)
To: xiubli; +Cc: ceph-devel, lhenriques, jlayton, mchangir, stable
On Thu, Oct 27, 2022 at 11:12 AM <xiubli@redhat.com> wrote:
>
> From: Xiubo Li <xiubli@redhat.com>
>
> The request's r_session maybe changed when it was forwarded or
> resent.
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Xiubo Li <xiubli@redhat.com>
> ---
> fs/ceph/caps.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
> index 894adfb4a092..d34ac716d7fe 100644
> --- a/fs/ceph/caps.c
> +++ b/fs/ceph/caps.c
> @@ -2341,6 +2341,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
> goto out;
> }
>
> + mutex_lock(&mdsc->mutex);
Hi Xiubo,
A few lines above, there is the following comment:
/*
* The mdsc->max_sessions is unlikely to be changed
* mostly, here we will retry it by reallocating the
* sessions array memory to get rid of the mdsc->mutex
* lock.
*/
Does retry label and gotos still make sense if mdsc->mutex is
introduced? Would it make sense to move it up and get rid of
retry code?
Thanks,
Ilya
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ceph: fix NULL pointer dereference for req->r_session
2022-11-07 14:55 ` Ilya Dryomov
@ 2022-11-08 3:35 ` Xiubo Li
0 siblings, 0 replies; 3+ messages in thread
From: Xiubo Li @ 2022-11-08 3:35 UTC (permalink / raw)
To: Ilya Dryomov; +Cc: ceph-devel, lhenriques, jlayton, mchangir, stable
On 07/11/2022 22:55, Ilya Dryomov wrote:
> On Thu, Oct 27, 2022 at 11:12 AM <xiubli@redhat.com> wrote:
>> From: Xiubo Li <xiubli@redhat.com>
>>
>> The request's r_session maybe changed when it was forwarded or
>> resent.
>>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Xiubo Li <xiubli@redhat.com>
>> ---
>> fs/ceph/caps.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
>> index 894adfb4a092..d34ac716d7fe 100644
>> --- a/fs/ceph/caps.c
>> +++ b/fs/ceph/caps.c
>> @@ -2341,6 +2341,7 @@ static int flush_mdlog_and_wait_inode_unsafe_requests(struct inode *inode)
>> goto out;
>> }
>>
>> + mutex_lock(&mdsc->mutex);
> Hi Xiubo,
>
> A few lines above, there is the following comment:
>
> /*
> * The mdsc->max_sessions is unlikely to be changed
> * mostly, here we will retry it by reallocating the
> * sessions array memory to get rid of the mdsc->mutex
> * lock.
> */
>
> Does retry label and gotos still make sense if mdsc->mutex is
> introduced? Would it make sense to move it up and get rid of
> retry code?
I'm okay to remove the label since we will introduce the mdsc->mutex.
Thanks!
- Xiubo
> Thanks,
>
> Ilya
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-08 3:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-27 9:11 [PATCH] ceph: fix NULL pointer dereference for req->r_session xiubli
2022-11-07 14:55 ` Ilya Dryomov
2022-11-08 3:35 ` Xiubo Li
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.