d033576669
[ Upstream commit fa9967734227b44acb1b6918033f9122dc7825b9 ] Make sure the delayed work stopped before releasing the resources. cancel_delayed_work_sync() will only guarantee that the work finishes executing if the work is already in the ->worklist. That means after the cancel_delayed_work_sync() returns, it will leave the work requeued if it was rearmed at the end. That can lead to a use after free once the work struct is freed. Fix it by flushing the delayed work instead of trying to cancel it, and ensure that the work doesn't rearm if the mdsc is stopping. URL: https://tracker.ceph.com/issues/46293 Signed-off-by: Xiubo Li <xiubli@redhat.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|---|---|---|
| .. | ||
| acl.c | ||
| addr.c | ||
| cache.c | ||
| cache.h | ||
| caps.c | ||
| ceph_frag.c | ||
| debugfs.c | ||
| dir.c | ||
| export.c | ||
| file.c | ||
| inode.c | ||
| ioctl.c | ||
| ioctl.h | ||
| Kconfig | ||
| locks.c | ||
| Makefile | ||
| mds_client.c | ||
| mds_client.h | ||
| mdsmap.c | ||
| quota.c | ||
| snap.c | ||
| strings.c | ||
| super.c | ||
| super.h | ||
| xattr.c | ||