diff options
| author | Yan, Zheng <[email protected]> | 2017-11-27 03:23:48 +0000 |
|---|---|---|
| committer | Ilya Dryomov <[email protected]> | 2018-01-29 17:36:07 +0000 |
| commit | 5495c2d04f85da09512f5f346ed24dc0261d905d (patch) | |
| tree | 3a6f0c53be2012bc86aba2ef8eb31cd3c3f4cd2b /tools/perf/scripts/python | |
| parent | ceph: use atomic_t for ceph_inode_info::i_shared_gen (diff) | |
| download | kernel-5495c2d04f85da09512f5f346ed24dc0261d905d.tar.gz kernel-5495c2d04f85da09512f5f346ed24dc0261d905d.zip | |
ceph: avoid dereferencing invalid pointer during cached readdir
Readdir cache keeps array of dentry pointers in page cache. If any
dentry in readdir cache gets pruned, ceph_d_prune() disables readdir
cache for later readdir syscall. The problem is that ceph_d_prune()
ignores unhashed dentry. Ideally MDS should have already revoked
CEPH_CAP_FILE_SHARED (which also disables readdir cache) when dentry
gets unhashed. But if it is somehow MDS does not properly revoke
CEPH_CAP_FILE_SHARED and the unhashed dentry gets pruned later,
ceph_d_prune() will not disable readdir cache, later readdir may
reference invalid dentry pointer.
The fix is make ceph_d_prune() do extra check for unhashed dentry.
Disable readdir cache if the unhashed dentry is still referenced
by readdir cache.
Another fix in this patch is handle d_splice_alias(). If a dentry
gets spliced into new parent dentry, treat it as if it was pruned
(call ceph_d_prune() for it).
Signed-off-by: "Yan, Zheng" <[email protected]>
Acked-by: Jeff Layton <[email protected]>
Signed-off-by: Ilya Dryomov <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions