From: Xiubo Li xiubli@redhat.com
stable inclusion from stable-v5.10.227 commit f55e003d261baa7c57d51ae5c8ec1f5c26a35c89 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2YU2 CVE: CVE-2024-50179
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit c08dfb1b49492c09cf13838c71897493ea3b424e ]
When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it get the Fw reference.
Fixes: 5dda377cf0a6 ("ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference") Signed-off-by: Xiubo Li xiubli@redhat.com Reviewed-by: Patrick Donnelly pdonnell@redhat.com Signed-off-by: Ilya Dryomov idryomov@gmail.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Baokun Li libaokun1@huawei.com --- fs/ceph/addr.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 7402001e4c15..122b4129d1cd 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -91,7 +91,6 @@ static int ceph_set_page_dirty(struct page *page)
/* dirty the head */ spin_lock(&ci->i_ceph_lock); - BUG_ON(ci->i_wr_ref == 0); // caller should hold Fw reference if (__ceph_have_pending_cap_snap(ci)) { struct ceph_cap_snap *capsnap = list_last_entry(&ci->i_cap_snaps,