From: Xiubo Li <xiubli@redhat.com> stable inclusion from stable-v5.10.227 commit f55e003d261baa7c57d51ae5c8ec1f5c26a35c89 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2YU2 CVE: CVE-2024-50179 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- [ Upstream commit c08dfb1b49492c09cf13838c71897493ea3b424e ] When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it get the Fw reference. Fixes: 5dda377cf0a6 ("ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference") Signed-off-by: Xiubo Li <xiubli@redhat.com> Reviewed-by: Patrick Donnelly <pdonnell@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Baokun Li <libaokun1@huawei.com> --- fs/ceph/addr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 7402001e4c15..122b4129d1cd 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -91,7 +91,6 @@ static int ceph_set_page_dirty(struct page *page) /* dirty the head */ spin_lock(&ci->i_ceph_lock); - BUG_ON(ci->i_wr_ref == 0); // caller should hold Fw reference if (__ceph_have_pending_cap_snap(ci)) { struct ceph_cap_snap *capsnap = list_last_entry(&ci->i_cap_snaps, -- 2.46.1