ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock
authorAl Viro <viro@zeniv.linux.org.uk>
Fri, 15 Sep 2023 01:55:29 +0000 (21:55 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Sat, 28 Oct 2023 00:14:38 +0000 (20:14 -0400)
Use of dget() after we'd dropped ->d_lock is too late - dentry might
be gone by that point.

Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/ceph/mds_client.c

index 615db14..293b931 100644 (file)
@@ -861,8 +861,8 @@ int ceph_wait_on_conflict_unlink(struct dentry *dentry)
                if (!d_same_name(udentry, pdentry, &dname))
                        goto next;
 
+               found = dget_dlock(udentry);
                spin_unlock(&udentry->d_lock);
-               found = dget(udentry);
                break;
 next:
                spin_unlock(&udentry->d_lock);