0809e1087c
[ Upstream commit fe5e7ba11fcf1d75af8173836309e8562aefedef ] Commit 9287c6452d2b fixed a situation in which gfs2 could use a glock after it had been freed. To do that, it temporarily added a new glock reference by calling gfs2_glock_hold in function gfs2_add_revoke. However, if the bd element was removed by gfs2_trans_remove_revoke, it failed to drop the additional reference. This patch adds logic to gfs2_trans_remove_revoke to properly drop the additional glock reference. Fixes: 9287c6452d2b ("gfs2: Fix occasional glock use-after-free") Cc: stable@vger.kernel.org # v5.2+ Signed-off-by: Bob Peterson <rpeterso@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
86 lines
2.5 KiB
C
86 lines
2.5 KiB
C
/*
|
|
* Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
|
|
* Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
|
|
*
|
|
* This copyrighted material is made available to anyone wishing to use,
|
|
* modify, copy, or redistribute it subject to the terms and conditions
|
|
* of the GNU General Public License version 2.
|
|
*/
|
|
|
|
#ifndef __LOG_DOT_H__
|
|
#define __LOG_DOT_H__
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/writeback.h>
|
|
#include "incore.h"
|
|
#include "inode.h"
|
|
|
|
/**
|
|
* gfs2_log_lock - acquire the right to mess with the log manager
|
|
* @sdp: the filesystem
|
|
*
|
|
*/
|
|
|
|
static inline void gfs2_log_lock(struct gfs2_sbd *sdp)
|
|
__acquires(&sdp->sd_log_lock)
|
|
{
|
|
spin_lock(&sdp->sd_log_lock);
|
|
}
|
|
|
|
/**
|
|
* gfs2_log_unlock - release the right to mess with the log manager
|
|
* @sdp: the filesystem
|
|
*
|
|
*/
|
|
|
|
static inline void gfs2_log_unlock(struct gfs2_sbd *sdp)
|
|
__releases(&sdp->sd_log_lock)
|
|
{
|
|
spin_unlock(&sdp->sd_log_lock);
|
|
}
|
|
|
|
static inline void gfs2_log_pointers_init(struct gfs2_sbd *sdp,
|
|
unsigned int value)
|
|
{
|
|
if (++value == sdp->sd_jdesc->jd_blocks) {
|
|
value = 0;
|
|
}
|
|
sdp->sd_log_head = sdp->sd_log_tail = value;
|
|
}
|
|
|
|
static inline void gfs2_ordered_add_inode(struct gfs2_inode *ip)
|
|
{
|
|
struct gfs2_sbd *sdp;
|
|
|
|
if (!gfs2_is_ordered(ip))
|
|
return;
|
|
|
|
sdp = GFS2_SB(&ip->i_inode);
|
|
if (!test_bit(GIF_ORDERED, &ip->i_flags)) {
|
|
spin_lock(&sdp->sd_ordered_lock);
|
|
if (!test_and_set_bit(GIF_ORDERED, &ip->i_flags))
|
|
list_add(&ip->i_ordered, &sdp->sd_log_le_ordered);
|
|
spin_unlock(&sdp->sd_ordered_lock);
|
|
}
|
|
}
|
|
extern void gfs2_ordered_del_inode(struct gfs2_inode *ip);
|
|
extern unsigned int gfs2_struct2blk(struct gfs2_sbd *sdp, unsigned int nstruct,
|
|
unsigned int ssize);
|
|
|
|
extern void gfs2_log_release(struct gfs2_sbd *sdp, unsigned int blks);
|
|
extern int gfs2_log_reserve(struct gfs2_sbd *sdp, unsigned int blks);
|
|
extern void gfs2_write_log_header(struct gfs2_sbd *sdp, struct gfs2_jdesc *jd,
|
|
u64 seq, u32 tail, u32 flags, int op_flags);
|
|
extern void gfs2_log_flush(struct gfs2_sbd *sdp, struct gfs2_glock *gl,
|
|
u32 type);
|
|
extern void gfs2_log_commit(struct gfs2_sbd *sdp, struct gfs2_trans *trans);
|
|
extern void gfs2_ail1_flush(struct gfs2_sbd *sdp, struct writeback_control *wbc);
|
|
|
|
extern void gfs2_log_shutdown(struct gfs2_sbd *sdp);
|
|
extern int gfs2_logd(void *data);
|
|
extern void gfs2_add_revoke(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd);
|
|
extern void gfs2_glock_remove_revoke(struct gfs2_glock *gl);
|
|
extern void gfs2_write_revokes(struct gfs2_sbd *sdp);
|
|
|
|
#endif /* __LOG_DOT_H__ */
|