diff options
| author | Bob Peterson <rpeterso@redhat.com> | 2019-11-14 09:49:11 -0500 |
|---|---|---|
| committer | Andreas Gruenbacher <agruenba@redhat.com> | 2019-11-14 16:51:00 +0100 |
| commit | fe5e7ba11fcf1d75af8173836309e8562aefedef (patch) | |
| tree | c10085dc5073f46c1472d98d12106f7e21dc523d /fs/gfs2/lops.c | |
| parent | feed98a8e5f3e54a8c41a3b26aa914db5d7e3c18 (diff) | |
| download | linux-fe5e7ba11fcf1d75af8173836309e8562aefedef.tar.gz | |
gfs2: fix glock reference problem in gfs2_trans_remove_revoke
Commit 9287c6452d2b fixed a situation in which gfs2 could use a glock
after it had been freed. To do that, it temporarily added a new glock
reference by calling gfs2_glock_hold in function gfs2_add_revoke.
However, if the bd element was removed by gfs2_trans_remove_revoke, it
failed to drop the additional reference.
This patch adds logic to gfs2_trans_remove_revoke to properly drop the
additional glock reference.
Fixes: 9287c6452d2b ("gfs2: Fix occasional glock use-after-free")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Diffstat (limited to 'fs/gfs2/lops.c')
| -rw-r--r-- | fs/gfs2/lops.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c index 313b83ef6657..55fed7daf2b1 100644 --- a/fs/gfs2/lops.c +++ b/fs/gfs2/lops.c @@ -883,10 +883,7 @@ static void revoke_lo_after_commit(struct gfs2_sbd *sdp, struct gfs2_trans *tr) bd = list_entry(head->next, struct gfs2_bufdata, bd_list); list_del_init(&bd->bd_list); gl = bd->bd_gl; - if (atomic_dec_return(&gl->gl_revokes) == 0) { - clear_bit(GLF_LFLUSH, &gl->gl_flags); - gfs2_glock_queue_put(gl); - } + gfs2_glock_remove_revoke(gl); kmem_cache_free(gfs2_bufdata_cachep, bd); } } |