From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Bob Peterson <rpeterso@redhat.com>,
Andreas Gruenbacher <agruenba@redhat.com>
Subject: [PATCH 5.4 18/80] gfs2: fix glock reference problem in gfs2_trans_remove_revoke
Date: Thu, 19 Dec 2019 19:34:10 +0100
Message-ID: <20191219183056.023477756@linuxfoundation.org>
In-Reply-To: <20191219183031.278083125@linuxfoundation.org>
From: Bob Peterson <rpeterso@redhat.com>

commit fe5e7ba11fcf1d75af8173836309e8562aefedef upstream.

Commit 9287c6452d2b fixed a situation in which gfs2 could use a glock
after it had been freed. To do that, it temporarily added a new glock
reference by calling gfs2_glock_hold in function gfs2_add_revoke.
However, if the bd element was removed by gfs2_trans_remove_revoke, it
failed to drop the additional reference.

This patch adds logic to gfs2_trans_remove_revoke to properly drop the
additional glock reference.

Fixes: 9287c6452d2b ("gfs2: Fix occasional glock use-after-free")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/log.c | 8 ++++++++
fs/gfs2/log.h | 1 +
fs/gfs2/lops.c | 5 +----
fs/gfs2/trans.c | 2 ++
4 files changed, 12 insertions(+), 4 deletions(-)
--- a/fs/gfs2/log.c
+++ b/fs/gfs2/log.c
@@ -609,6 +609,14 @@ void gfs2_add_revoke(struct gfs2_sbd *sd
list_add(&bd->bd_list, &sdp->sd_log_revokes);
}
+void gfs2_glock_remove_revoke(struct gfs2_glock *gl)
+{
+ if (atomic_dec_return(&gl->gl_revokes) == 0) {
+ clear_bit(GLF_LFLUSH, &gl->gl_flags);
+ gfs2_glock_queue_put(gl);
+ }
+}
+
void gfs2_write_revokes(struct gfs2_sbd *sdp)
{
struct gfs2_trans *tr;
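Review bot: gfs2_glock_remove_revoke() in fs/gfs2/log.c has no comment saying which reference it drops. The commit message ties it to the gfs2_glock_hold call in gfs2_add_revoke; a short comment above the function stating that pairing would keep a future caller from using it without a matching add. The put also depends entirely on `atomic_dec_return(&gl->gl_revokes) == 0`, so an unbalanced call would take the counter negative and silently skip both the clear_bit and the gfs2_glock_queue_put; an assertion that the counter was positive before the decrement would turn that into a visible failure instead of a leaked or stale glock reference.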
--- a/fs/gfs2/log.h
+++ b/fs/gfs2/log.h
@@ -77,6 +77,7 @@ extern void gfs2_ail1_flush(struct gfs2_
extern void gfs2_log_shutdown(struct gfs2_sbd *sdp);
extern int gfs2_logd(void *data);
extern void gfs2_add_revoke(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd);
+extern void gfs2_glock_remove_revoke(struct gfs2_glock *gl);
extern void gfs2_write_revokes(struct gfs2_sbd *sdp);
#endif /* __LOG_DOT_H__ */
--- a/fs/gfs2/lops.c
+++ b/fs/gfs2/lops.c
@@ -882,10 +882,7 @@ static void revoke_lo_after_commit(struc
bd = list_entry(head->next, struct gfs2_bufdata, bd_list);
list_del_init(&bd->bd_list);
gl = bd->bd_gl;
- if (atomic_dec_return(&gl->gl_revokes) == 0) {
- clear_bit(GLF_LFLUSH, &gl->gl_flags);
- gfs2_glock_queue_put(gl);
- }
+ gfs2_glock_remove_revoke(gl);
kmem_cache_free(gfs2_bufdata_cachep, bd);
}
}
--- a/fs/gfs2/trans.c
+++ b/fs/gfs2/trans.c
@@ -262,6 +262,8 @@ void gfs2_trans_remove_revoke(struct gfs
list_del_init(&bd->bd_list);
gfs2_assert_withdraw(sdp, sdp->sd_log_num_revoke);
sdp->sd_log_num_revoke--;
+ if (bd->bd_gl)
+ gfs2_glock_remove_revoke(bd->bd_gl);
kmem_cache_free(gfs2_bufdata_cachep, bd);
tr->tr_num_revoke--;
if (--n == 0)
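Review bot: the `if (bd->bd_gl)` guard added in gfs2_trans_remove_revoke has no counterpart in revoke_lo_after_commit, which passes bd->bd_gl to gfs2_glock_remove_revoke() unconditionally, and the helper dereferences gl immediately. If bd_gl can be NULL for a revoke bd, the check belongs inside the helper so both callers are covered; if it cannot, the guard here is dead code and should either be dropped or carry a comment naming the case it handles.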