diff options
author | Bob Peterson <rpeterso@redhat.com> | 2019-11-14 17:49:11 +0300 |
---|---|---|
committer | Andreas Gruenbacher <agruenba@redhat.com> | 2019-11-14 18:51:00 +0300 |
commit | fe5e7ba11fcf1d75af8173836309e8562aefedef (patch) | |
tree | c10085dc5073f46c1472d98d12106f7e21dc523d /fs/gfs2/trans.c | |
parent | feed98a8e5f3e54a8c41a3b26aa914db5d7e3c18 (diff) | |
download | linux-fe5e7ba11fcf1d75af8173836309e8562aefedef.tar.xz |
gfs2: fix glock reference problem in gfs2_trans_remove_revoke
Commit 9287c6452d2b fixed a situation in which gfs2 could use a glock
after it had been freed. To do that, it temporarily added a new glock
reference by calling gfs2_glock_hold in function gfs2_add_revoke.
However, if the bd element was removed by gfs2_trans_remove_revoke, it
failed to drop the additional reference.
This patch adds logic to gfs2_trans_remove_revoke to properly drop the
additional glock reference.
Fixes: 9287c6452d2b ("gfs2: Fix occasional glock use-after-free")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Diffstat (limited to 'fs/gfs2/trans.c')
-rw-r--r-- | fs/gfs2/trans.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/gfs2/trans.c b/fs/gfs2/trans.c index 35e3059255fe..9d4227330de4 100644 --- a/fs/gfs2/trans.c +++ b/fs/gfs2/trans.c @@ -262,6 +262,8 @@ void gfs2_trans_remove_revoke(struct gfs2_sbd *sdp, u64 blkno, unsigned int len) list_del_init(&bd->bd_list); gfs2_assert_withdraw(sdp, sdp->sd_log_num_revoke); sdp->sd_log_num_revoke--; + if (bd->bd_gl) + gfs2_glock_remove_revoke(bd->bd_gl); kmem_cache_free(gfs2_bufdata_cachep, bd); tr->tr_num_revoke--; if (--n == 0) |