Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 5f21c96dd5c615341963036ae8f5e4f5227a818d^! / . / fs / ceph / file.c
commit5f21c96dd5c615341963036ae8f5e4f5227a818d[log] [tgz]
authorSage Weil <sage@newdream.net>Tue Jul 26 11:30:29 2011 -0700
committerSage Weil <sage@newdream.net>Tue Jul 26 11:30:29 2011 -0700
tree898c5781623b68527427d201e3f975827d08935c
parent48d0cbd1242aac969560ef8b90f26ee3b09a6a5c [diff] [blame]
ceph: protect access to d_parent

d_parent is protected by d_lock: use it when looking up a dentry's parent
directory inode.  Also take a reference and drop it in the caller to avoid
a use-after-free.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Reviewed-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index f34d47d..45fbd69 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c

@@ -122,7 +122,7 @@
 	struct ceph_mds_client *mdsc = fsc->mdsc;
 	struct ceph_mds_request *req;
 	struct ceph_file_info *cf = file->private_data;
-	struct inode *parent_inode = file->f_dentry->d_parent->d_inode;
+	struct inode *parent_inode = NULL;
 	int err;
 	int flags, fmode, wanted;
 
@@ -194,8 +194,10 @@
 	req->r_inode = inode;
 	ihold(inode);
 	req->r_num_caps = 1;
-	err = ceph_mdsc_do_request(mdsc, (flags & (O_CREAT|O_TRUNC)) ?
-				   parent_inode : NULL, req);
+	if (flags & (O_CREAT|O_TRUNC))
+		parent_inode = ceph_get_dentry_parent_inode(file->f_dentry);
+	err = ceph_mdsc_do_request(mdsc, parent_inode, req);
+	iput(parent_inode);
 	if (!err)
 		err = ceph_init_file(inode, file, req->r_fmode);
 	ceph_mdsc_put_request(req);