ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock

[ Upstream commit dc32464a5fe4946fe1a4d8f8e29961dc411933c5 ]

Use of dget() after we'd dropped ->d_lock is too late - dentry might
be gone by that point.

Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index f6a7fd4..82874be 100644 (file)
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -709,8 +709,8 @@ int ceph_wait_on_conflict_unlink(struct dentry *dentry)
                if (!d_same_name(udentry, pdentry, &dname))
                        goto next;
 
+               found = dget_dlock(udentry);
                spin_unlock(&udentry->d_lock);
-               found = dget(udentry);
                break;
 next:
                spin_unlock(&udentry->d_lock);