LU-12160 osd-ldiskfs: use-after-free in osd_object_delete()

store a local copy of projid to avoid use-after-free.

Fixes: 39f63cf54c62 ("LU-4017 quota: add setting/getting project id function")

Change-Id: I60e19de3485cae3df1cc2e8aae6eeed4b5de3a11
Signed-off-by: Alex Zhuravlev <bzzz@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/34596
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Wang Shilong <wshilong@ddn.com>
Tested-by: Jenkins
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>

diff --git a/lustre/osd-ldiskfs/osd_handler.c b/lustre/osd-ldiskfs/osd_handler.c
index 7aa5eaf..25eebba 100644 (file)
--- a/lustre/osd-ldiskfs/osd_handler.c
+++ b/lustre/osd-ldiskfs/osd_handler.c
@@ -2094,8 +2094,9 @@ static void osd_object_delete(const struct lu_env *env, struct lu_object *l)
        osd_index_fini(obj);
        if (inode != NULL) {
                struct qsd_instance *qsd = osd_def_qsd(osd_obj2dev(obj));
-               qid_t                uid = i_uid_read(inode);
-               qid_t                gid = i_gid_read(inode);
+               qid_t uid = i_uid_read(inode);
+               qid_t gid = i_gid_read(inode);
+               __u64 projid = i_projid_read(inode);
 
                obj->oo_inode = NULL;
                iput(inode);
@@ -2110,7 +2111,7 @@ static void osd_object_delete(const struct lu_env *env, struct lu_object *l)
                        qi->lqi_id.qid_uid = gid;
                        qsd_op_adjust(env, qsd, &qi->lqi_id, GRPQUOTA);
 
-                       qi->lqi_id.qid_uid = i_projid_read(inode);
+                       qi->lqi_id.qid_uid = projid;
                        qsd_op_adjust(env, qsd, &qi->lqi_id, PRJQUOTA);
                }
        }