From: Andriy Skulysh <andriy.skulysh@seagate.com>
Date: Thu, 22 Jun 2017 08:08:45 +0000 (+0300)
Subject: LU-6436 llite: NULL pointer dereference in cl_object_top()
X-Git-Tag: 2.10.51~61
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=13c8d5e4bebf437227d95582c36ec1567b150cac;p=fs%2Flustre-release.git

LU-6436 llite: NULL pointer dereference in cl_object_top()

During race condition iget5_locked() returns inode without
I_NEW bit for the second thread. If cl_file_inode_init()
failed for the first thread lli_clob isn't valid for
corresponding fid.

But failed inode is marked bad, check it.

Change-Id: I02e477486e51d2653c8b047a18c54a5528b440c5
Seagate-bug-id: MRP-4035
Signed-off-by: Andriy Skulysh <andriy.skulysh@seagate.com>
Reviewed-on: https://review.whamcloud.com/27777
Tested-by: Jenkins
Reviewed-by: Bobi Jam <bobijam@hotmail.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---

diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index f53818a..de168ab 100644
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -139,6 +139,9 @@ struct inode *ll_iget(struct super_block *sb, ino_t hash,
 			inode_has_no_xattr(inode);
 			unlock_new_inode(inode);
 		}
+	} else if (is_bad_inode(inode)) {
+		iput(inode);
+		inode = ERR_PTR(-ESTALE);
 	} else if (!(inode->i_state & (I_FREEING | I_CLEAR))) {
 		rc = ll_update_inode(inode, md);
 		CDEBUG(D_VFSTRACE, "got inode: "DFID"(%p): rc = %d\n",