git://git.whamcloud.com - fs/lustre-release.git/commit

author	Etienne AUJAMES <etienne.aujames@cea.fr>
	Wed, 6 Sep 2023 12:24:47 +0000 (14:24 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Thu, 28 Sep 2023 08:01:07 +0000 (08:01 +0000)
commit	d7e70e38c942baebfdc186fcd5ad48cdcc2ebde3
tree	63fa2f9be2d7de36a266511feac2c938135a63f7	tree \| snapshot
parent	f667cc6a477e0e17b5263669b4592668fbf005bb	commit \| diff

LU-17076 orr: take a ref after lookup_get_insert_fast()

We need to take a reference on all existing object returned by
nrs_orr_res_get(). Otherwise, the object could be freed before
nrs_orr_res_put().
Therefore, a ref should be taken if
rhashtable_lookup_get_insert_fast() returns an existing object.

This avoids the following use-after-free in sanityn test_77c:

ptlrpc_nrs_req_stop_nolock+0x3b/0x150
ptlrpc_server_finish_active_request+0x2b/0x140 [ptlrpc]
ptlrpc_server_handle_request+0x40e/0xc00 [ptlrpc]
ptlrpc_main+0xc8c/0x1680 [ptlrpc]
kthread+0xd1/0xe0
ret_from_fork_nospec_begin+0x21/0x21

Fixes: 42bf5f7 ("LU-8130 nrs: convert NRS ORR/TRR to rhashtable")
Test-Parameters: fstype=zfs testlist=sanityn env=ONLY=77c,ONLY_REPEAT=100
Test-Parameters: fstype=zfs testlist=sanityn env=ONLY=77c,ONLY_REPEAT=100
Test-Parameters: fstype=zfs testlist=sanityn env=ONLY=77c,ONLY_REPEAT=100
Signed-off-by: Etienne AUJAMES <eaujames@ddn.com>
Change-Id: I267287a1075ee91019d3a4492b57f272a4b0cadd
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/52295
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Alexander Boyko <alexander.boyko@hpe.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>