--- /dev/null
+From af5e5eb574776cdf1b756a27cc437bff257e22fe Mon Sep 17 00:00:00 2001
+From: "Yan, Zheng" <zyan@redhat.com>
+Date: Fri, 26 Feb 2016 16:27:13 +0800
+Subject: ceph: fix race during filling readdir cache
+
+From: Yan, Zheng <zyan@redhat.com>
+
+commit af5e5eb574776cdf1b756a27cc437bff257e22fe upstream.
+
+Readdir cache uses page cache to save dentry pointers. When adding
+dentry pointers to middle of a page, we need to make sure the page
+already exists. Otherwise the beginning part of the page will be
+invalid pointers.
+
+Signed-off-by: Yan, Zheng <zyan@redhat.com>
+Cc: Nikolay Borisov <kernel@kyup.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ceph/inode.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/fs/ceph/inode.c
++++ b/fs/ceph/inode.c
+@@ -1358,15 +1358,20 @@ static int fill_readdir_cache(struct ino
+
+ if (!ctl->page || pgoff != page_index(ctl->page)) {
+ ceph_readdir_cache_release(ctl);
+- ctl->page = grab_cache_page(&dir->i_data, pgoff);
++ if (idx == 0)
++ ctl->page = grab_cache_page(&dir->i_data, pgoff);
++ else
++ ctl->page = find_lock_page(&dir->i_data, pgoff);
+ if (!ctl->page) {
+ ctl->index = -1;
+- return -ENOMEM;
++ return idx == 0 ? -ENOMEM : 0;
+ }
+ /* reading/filling the cache are serialized by
+ * i_mutex, no need to use page lock */
+ unlock_page(ctl->page);
+ ctl->dentries = kmap(ctl->page);
++ if (idx == 0)
++ memset(ctl->dentries, 0, PAGE_CACHE_SIZE);
+ }
+
+ if (req->r_dir_release_cnt == atomic64_read(&ci->i_release_count) &&
projects / thirdparty / kernel / stable-queue.git / commitdiff
