mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
cb9e778a29
[ Upstream commit fe5e7ba11fcf1d75af8173836309e8562aefedef ]
Commit 9287c6452d2b fixed a situation in which gfs2 could use a glock
after it had been freed. To do that, it temporarily added a new glock
reference by calling gfs2_glock_hold in function gfs2_add_revoke.
However, if the bd element was removed by gfs2_trans_remove_revoke, it
failed to drop the additional reference.
This patch adds logic to gfs2_trans_remove_revoke to properly drop the
additional glock reference.
Fixes: 9287c6452d2b ("gfs2: Fix occasional glock use-after-free")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
87 lines
2.5 KiB
C
87 lines
2.5 KiB
C
/*
|
|
* Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
|
|
* Copyright (C) 2004-2006 Red Hat, Inc. All rights reserved.
|
|
*
|
|
* This copyrighted material is made available to anyone wishing to use,
|
|
* modify, copy, or redistribute it subject to the terms and conditions
|
|
* of the GNU General Public License version 2.
|
|
*/
|
|
|
|
#ifndef __LOG_DOT_H__
|
|
#define __LOG_DOT_H__
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/writeback.h>
|
|
#include "incore.h"
|
|
|
|
/**
|
|
* gfs2_log_lock - acquire the right to mess with the log manager
|
|
* @sdp: the filesystem
|
|
*
|
|
*/
|
|
|
|
static inline void gfs2_log_lock(struct gfs2_sbd *sdp)
|
|
__acquires(&sdp->sd_log_lock)
|
|
{
|
|
spin_lock(&sdp->sd_log_lock);
|
|
}
|
|
|
|
/**
|
|
* gfs2_log_unlock - release the right to mess with the log manager
|
|
* @sdp: the filesystem
|
|
*
|
|
*/
|
|
|
|
static inline void gfs2_log_unlock(struct gfs2_sbd *sdp)
|
|
__releases(&sdp->sd_log_lock)
|
|
{
|
|
spin_unlock(&sdp->sd_log_lock);
|
|
}
|
|
|
|
static inline void gfs2_log_pointers_init(struct gfs2_sbd *sdp,
|
|
unsigned int value)
|
|
{
|
|
if (++value == sdp->sd_jdesc->jd_blocks) {
|
|
value = 0;
|
|
}
|
|
sdp->sd_log_head = sdp->sd_log_tail = value;
|
|
}
|
|
|
|
static inline void gfs2_ordered_add_inode(struct gfs2_inode *ip)
|
|
{
|
|
struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
|
|
|
|
if (!test_bit(GIF_ORDERED, &ip->i_flags)) {
|
|
spin_lock(&sdp->sd_ordered_lock);
|
|
if (!test_and_set_bit(GIF_ORDERED, &ip->i_flags))
|
|
list_add(&ip->i_ordered, &sdp->sd_log_le_ordered);
|
|
spin_unlock(&sdp->sd_ordered_lock);
|
|
}
|
|
}
|
|
extern void gfs2_ordered_del_inode(struct gfs2_inode *ip);
|
|
extern unsigned int gfs2_struct2blk(struct gfs2_sbd *sdp, unsigned int nstruct,
|
|
unsigned int ssize);
|
|
|
|
extern void gfs2_log_release(struct gfs2_sbd *sdp, unsigned int blks);
|
|
extern int gfs2_log_reserve(struct gfs2_sbd *sdp, unsigned int blks);
|
|
enum gfs2_flush_type {
|
|
NORMAL_FLUSH = 0,
|
|
SYNC_FLUSH,
|
|
SHUTDOWN_FLUSH,
|
|
FREEZE_FLUSH
|
|
};
|
|
extern void gfs2_log_flush(struct gfs2_sbd *sdp, struct gfs2_glock *gl,
|
|
enum gfs2_flush_type type);
|
|
extern void gfs2_log_commit(struct gfs2_sbd *sdp, struct gfs2_trans *trans);
|
|
extern void gfs2_remove_from_ail(struct gfs2_bufdata *bd);
|
|
extern void gfs2_ail1_flush(struct gfs2_sbd *sdp, struct writeback_control *wbc);
|
|
|
|
extern void gfs2_log_shutdown(struct gfs2_sbd *sdp);
|
|
extern int gfs2_logd(void *data);
|
|
extern void gfs2_add_revoke(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd);
|
|
extern void gfs2_glock_remove_revoke(struct gfs2_glock *gl);
|
|
extern void gfs2_write_revokes(struct gfs2_sbd *sdp);
|
|
|
|
#endif /* __LOG_DOT_H__ */
|