Bob,

On Tue, Nov 19, 2019 at 5:41 PM Bob Peterson <[email protected]> wrote:
> Before this patch, gfs2_create_inode had a use-after-free for the
> iopen glock in some error paths because it did this:
>
>     gfs2_glock_put(io_gl);
> fail_gunlock2:
>     if (io_gl)
>         clear_bit(GLF_INODE_CREATING, &io_gl->gl_flags);
>
> In some cases, the io_gl was used for create and only had one
> reference, so the glock might be freed before the clear_bit().
> This patch tries to straighten it out by only jumping to the
> error paths where iopen is properly set, and moving the
> gfs2_glock_put after the clear_bit.
This patch fixes a glock refcounting bug and slightly cleans up gfs2_create_inode; it's an obvious improvement. This has passed my testing and I'd like to see this fixed in the upcoming merge window, so I'm adding it to for-next.

Thanks,
Andreas
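The ordering problem Bob describes above, as an added mock in C (not the gfs2 patch or any gfs2 code): a glock with a reference count that is freed on the final put, so that clearing GLF_INODE_CREATING after the put touches freed memory when only one reference is held. Struct and function names and the bit value are assumptions made for this illustration; the buggy path detects the would-be use-after-free instead of performing the write.

```c
/* Added mock (not the gfs2 patch): glock refcounting showing why clear_bit()
 * must precede the final gfs2_glock_put(). Names/bit value are assumptions. */
#include <stdbool.h>
#include <stdlib.h>
#define GLF_INODE_CREATING 0x1UL          /* hypothetical bit value */
struct mock_glock { int refcount; unsigned long gl_flags; };
static bool freed;                        /* set when the last reference is dropped */
static unsigned long flags_at_free;       /* gl_flags at the moment of free */
static struct mock_glock *mock_glock_new(int refs)
{
    struct mock_glock *gl = calloc(1, sizeof(*gl));
    if (!gl)
        abort();
    gl->refcount = refs;
    gl->gl_flags = GLF_INODE_CREATING;    /* set during create, as in the text */
    freed = false;
    return gl;
}
static void mock_glock_put(struct mock_glock *gl)
{
    if (--gl->refcount == 0) {            /* final put frees the glock */
        flags_at_free = gl->gl_flags;
        freed = true;
        free(gl);
    }
}
/* Pre-patch order: put, then clear_bit. With a single reference the clear_bit
 * would touch freed memory; the mock detects that instead of doing the write.
 * Returns true if a use-after-free would have happened. */
bool buggy_order_would_uaf(int refs)
{
    struct mock_glock *gl = mock_glock_new(refs);
    mock_glock_put(gl);
    if (freed)
        return true;                      /* real code: clear_bit on freed gl */
    gl->gl_flags &= ~GLF_INODE_CREATING;  /* only safe because refs > 1 */
    while (!freed)
        mock_glock_put(gl);
    return false;
}
/* Post-patch order: clear_bit while a reference is still held, then put.
 * Returns true if the glock was freed with the creating bit already clear. */
bool fixed_order_is_clean(int refs)
{
    struct mock_glock *gl = mock_glock_new(refs);
    gl->gl_flags &= ~GLF_INODE_CREATING;
    while (!freed)
        mock_glock_put(gl);
    return (flags_at_free & GLF_INODE_CREATING) == 0;
}
```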
