ceph: fix potential use-after-free bug when trimming caps - kernel

diff options

author	Xiubo Li <[email protected]>	2023-04-19 02:39:14 +0000
committer	Ilya Dryomov <[email protected]>	2023-04-30 10:37:28 +0000
commit	aaf67de78807c59c35bafb5003d4fb457c764800 (patch)
tree	ca4240b921c125f5ec462f01284da73f6b182ca4 /tools/perf/util/trace-event-scripting.c
parent	ceph: implement writeback livelock avoidance using page tagging (diff)
download	kernel-aaf67de78807c59c35bafb5003d4fb457c764800.tar.gz kernel-aaf67de78807c59c35bafb5003d4fb457c764800.zip

ceph: fix potential use-after-free bug when trimming caps

When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps() the cap maybe removed by another thread, and when using the stale cap memory in the callbacks it will trigger use-after-free crash. We need to check the existence of the cap just after the 'ci->i_ceph_lock' being acquired. And do nothing if it's already removed. Cc: [email protected] Link: https://tracker.ceph.com/issues/43272 Signed-off-by: Xiubo Li <[email protected]> Reviewed-by: Luís Henriques <[email protected]> Signed-off-by: Ilya Dryomov <[email protected]>

Diffstat (limited to 'tools/perf/util/trace-event-scripting.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: