ceph: protect access to d_parent
d_parent is protected by d_lock: use it when looking up a dentry's parent directory inode. Also take a reference and drop it in the caller to avoid a use-after-free. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Reviewed-by: Yehuda Sadeh <yehuda@hq.newdream.net> Signed-off-by: Sage Weil <sage@newdream.net>
This commit is contained in:
parent
48d0cbd124
commit
5f21c96dd5
6 changed files with 33 additions and 15 deletions
|
@ -71,6 +71,21 @@ int ceph_init_dentry(struct dentry *dentry)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct inode *ceph_get_dentry_parent_inode(struct dentry *dentry)
|
||||||
|
{
|
||||||
|
struct inode *inode = NULL;
|
||||||
|
|
||||||
|
if (!dentry)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
spin_lock(&dentry->d_lock);
|
||||||
|
if (dentry->d_parent) {
|
||||||
|
inode = dentry->d_parent->d_inode;
|
||||||
|
ihold(inode);
|
||||||
|
}
|
||||||
|
spin_unlock(&dentry->d_lock);
|
||||||
|
return inode;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -122,7 +122,7 @@ int ceph_open(struct inode *inode, struct file *file)
|
||||||
struct ceph_mds_client *mdsc = fsc->mdsc;
|
struct ceph_mds_client *mdsc = fsc->mdsc;
|
||||||
struct ceph_mds_request *req;
|
struct ceph_mds_request *req;
|
||||||
struct ceph_file_info *cf = file->private_data;
|
struct ceph_file_info *cf = file->private_data;
|
||||||
struct inode *parent_inode = file->f_dentry->d_parent->d_inode;
|
struct inode *parent_inode = NULL;
|
||||||
int err;
|
int err;
|
||||||
int flags, fmode, wanted;
|
int flags, fmode, wanted;
|
||||||
|
|
||||||
|
@ -194,8 +194,10 @@ int ceph_open(struct inode *inode, struct file *file)
|
||||||
req->r_inode = inode;
|
req->r_inode = inode;
|
||||||
ihold(inode);
|
ihold(inode);
|
||||||
req->r_num_caps = 1;
|
req->r_num_caps = 1;
|
||||||
err = ceph_mdsc_do_request(mdsc, (flags & (O_CREAT|O_TRUNC)) ?
|
if (flags & (O_CREAT|O_TRUNC))
|
||||||
parent_inode : NULL, req);
|
parent_inode = ceph_get_dentry_parent_inode(file->f_dentry);
|
||||||
|
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
||||||
|
iput(parent_inode);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = ceph_init_file(inode, file, req->r_fmode);
|
err = ceph_init_file(inode, file, req->r_fmode);
|
||||||
ceph_mdsc_put_request(req);
|
ceph_mdsc_put_request(req);
|
||||||
|
|
|
@ -1562,7 +1562,7 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr)
|
||||||
{
|
{
|
||||||
struct inode *inode = dentry->d_inode;
|
struct inode *inode = dentry->d_inode;
|
||||||
struct ceph_inode_info *ci = ceph_inode(inode);
|
struct ceph_inode_info *ci = ceph_inode(inode);
|
||||||
struct inode *parent_inode = dentry->d_parent->d_inode;
|
struct inode *parent_inode;
|
||||||
const unsigned int ia_valid = attr->ia_valid;
|
const unsigned int ia_valid = attr->ia_valid;
|
||||||
struct ceph_mds_request *req;
|
struct ceph_mds_request *req;
|
||||||
struct ceph_mds_client *mdsc = ceph_sb_to_client(dentry->d_sb)->mdsc;
|
struct ceph_mds_client *mdsc = ceph_sb_to_client(dentry->d_sb)->mdsc;
|
||||||
|
@ -1745,7 +1745,9 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr)
|
||||||
req->r_inode_drop = release;
|
req->r_inode_drop = release;
|
||||||
req->r_args.setattr.mask = cpu_to_le32(mask);
|
req->r_args.setattr.mask = cpu_to_le32(mask);
|
||||||
req->r_num_caps = 1;
|
req->r_num_caps = 1;
|
||||||
|
parent_inode = ceph_get_dentry_parent_inode(dentry);
|
||||||
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
||||||
|
iput(parent_inode);
|
||||||
}
|
}
|
||||||
dout("setattr %p result=%d (%s locally, %d remote)\n", inode, err,
|
dout("setattr %p result=%d (%s locally, %d remote)\n", inode, err,
|
||||||
ceph_cap_string(dirtied), mask);
|
ceph_cap_string(dirtied), mask);
|
||||||
|
|
|
@ -38,7 +38,7 @@ static long ceph_ioctl_get_layout(struct file *file, void __user *arg)
|
||||||
static long ceph_ioctl_set_layout(struct file *file, void __user *arg)
|
static long ceph_ioctl_set_layout(struct file *file, void __user *arg)
|
||||||
{
|
{
|
||||||
struct inode *inode = file->f_dentry->d_inode;
|
struct inode *inode = file->f_dentry->d_inode;
|
||||||
struct inode *parent_inode = file->f_dentry->d_parent->d_inode;
|
struct inode *parent_inode;
|
||||||
struct ceph_mds_client *mdsc = ceph_sb_to_client(inode->i_sb)->mdsc;
|
struct ceph_mds_client *mdsc = ceph_sb_to_client(inode->i_sb)->mdsc;
|
||||||
struct ceph_mds_request *req;
|
struct ceph_mds_request *req;
|
||||||
struct ceph_ioctl_layout l;
|
struct ceph_ioctl_layout l;
|
||||||
|
@ -87,7 +87,9 @@ static long ceph_ioctl_set_layout(struct file *file, void __user *arg)
|
||||||
req->r_args.setlayout.layout.fl_pg_preferred =
|
req->r_args.setlayout.layout.fl_pg_preferred =
|
||||||
cpu_to_le32(l.preferred_osd);
|
cpu_to_le32(l.preferred_osd);
|
||||||
|
|
||||||
|
parent_inode = ceph_get_dentry_parent_inode(file->f_dentry);
|
||||||
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
||||||
|
iput(parent_inode);
|
||||||
ceph_mdsc_put_request(req);
|
ceph_mdsc_put_request(req);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
|
@ -801,6 +801,7 @@ extern void ceph_dentry_lru_touch(struct dentry *dn);
|
||||||
extern void ceph_dentry_lru_del(struct dentry *dn);
|
extern void ceph_dentry_lru_del(struct dentry *dn);
|
||||||
extern void ceph_invalidate_dentry_lease(struct dentry *dentry);
|
extern void ceph_invalidate_dentry_lease(struct dentry *dentry);
|
||||||
extern unsigned ceph_dentry_hash(struct dentry *dn);
|
extern unsigned ceph_dentry_hash(struct dentry *dn);
|
||||||
|
extern struct inode *ceph_get_dentry_parent_inode(struct dentry *dentry);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* our d_ops vary depending on whether the inode is live,
|
* our d_ops vary depending on whether the inode is live,
|
||||||
|
@ -823,14 +824,6 @@ extern int ceph_encode_locks(struct inode *i, struct ceph_pagelist *p,
|
||||||
int p_locks, int f_locks);
|
int p_locks, int f_locks);
|
||||||
extern int lock_to_ceph_filelock(struct file_lock *fl, struct ceph_filelock *c);
|
extern int lock_to_ceph_filelock(struct file_lock *fl, struct ceph_filelock *c);
|
||||||
|
|
||||||
static inline struct inode *get_dentry_parent_inode(struct dentry *dentry)
|
|
||||||
{
|
|
||||||
if (dentry && dentry->d_parent)
|
|
||||||
return dentry->d_parent->d_inode;
|
|
||||||
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* debugfs.c */
|
/* debugfs.c */
|
||||||
extern int ceph_fs_debugfs_init(struct ceph_fs_client *client);
|
extern int ceph_fs_debugfs_init(struct ceph_fs_client *client);
|
||||||
extern void ceph_fs_debugfs_cleanup(struct ceph_fs_client *client);
|
extern void ceph_fs_debugfs_cleanup(struct ceph_fs_client *client);
|
||||||
|
|
|
@ -629,7 +629,7 @@ static int ceph_sync_setxattr(struct dentry *dentry, const char *name,
|
||||||
struct ceph_fs_client *fsc = ceph_sb_to_client(dentry->d_sb);
|
struct ceph_fs_client *fsc = ceph_sb_to_client(dentry->d_sb);
|
||||||
struct inode *inode = dentry->d_inode;
|
struct inode *inode = dentry->d_inode;
|
||||||
struct ceph_inode_info *ci = ceph_inode(inode);
|
struct ceph_inode_info *ci = ceph_inode(inode);
|
||||||
struct inode *parent_inode = dentry->d_parent->d_inode;
|
struct inode *parent_inode;
|
||||||
struct ceph_mds_request *req;
|
struct ceph_mds_request *req;
|
||||||
struct ceph_mds_client *mdsc = fsc->mdsc;
|
struct ceph_mds_client *mdsc = fsc->mdsc;
|
||||||
int err;
|
int err;
|
||||||
|
@ -677,7 +677,9 @@ static int ceph_sync_setxattr(struct dentry *dentry, const char *name,
|
||||||
req->r_data_len = size;
|
req->r_data_len = size;
|
||||||
|
|
||||||
dout("xattr.ver (before): %lld\n", ci->i_xattrs.version);
|
dout("xattr.ver (before): %lld\n", ci->i_xattrs.version);
|
||||||
|
parent_inode = ceph_get_dentry_parent_inode(dentry);
|
||||||
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
||||||
|
iput(parent_inode);
|
||||||
ceph_mdsc_put_request(req);
|
ceph_mdsc_put_request(req);
|
||||||
dout("xattr.ver (after): %lld\n", ci->i_xattrs.version);
|
dout("xattr.ver (after): %lld\n", ci->i_xattrs.version);
|
||||||
|
|
||||||
|
@ -788,7 +790,7 @@ static int ceph_send_removexattr(struct dentry *dentry, const char *name)
|
||||||
struct ceph_fs_client *fsc = ceph_sb_to_client(dentry->d_sb);
|
struct ceph_fs_client *fsc = ceph_sb_to_client(dentry->d_sb);
|
||||||
struct ceph_mds_client *mdsc = fsc->mdsc;
|
struct ceph_mds_client *mdsc = fsc->mdsc;
|
||||||
struct inode *inode = dentry->d_inode;
|
struct inode *inode = dentry->d_inode;
|
||||||
struct inode *parent_inode = dentry->d_parent->d_inode;
|
struct inode *parent_inode;
|
||||||
struct ceph_mds_request *req;
|
struct ceph_mds_request *req;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
|
@ -802,7 +804,9 @@ static int ceph_send_removexattr(struct dentry *dentry, const char *name)
|
||||||
req->r_num_caps = 1;
|
req->r_num_caps = 1;
|
||||||
req->r_path2 = kstrdup(name, GFP_NOFS);
|
req->r_path2 = kstrdup(name, GFP_NOFS);
|
||||||
|
|
||||||
|
parent_inode = ceph_get_dentry_parent_inode(dentry);
|
||||||
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
err = ceph_mdsc_do_request(mdsc, parent_inode, req);
|
||||||
|
iput(parent_inode);
|
||||||
ceph_mdsc_put_request(req);
|
ceph_mdsc_put_request(req);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue