From 91ca866862aaa89218370996d9ed9c668611e069 Mon Sep 17 00:00:00 2001 From: Alex Zhuravlev Date: Thu, 4 Apr 2019 13:03:28 +0300 Subject: [PATCH] LU-12160 osd-ldiskfs: use-after-free in osd_object_delete() store a local copy of projid to avoid use-after-free. Fixes: 39f63cf54c62 ("LU-4017 quota: add setting/getting project id function") Change-Id: I60e19de3485cae3df1cc2e8aae6eeed4b5de3a11 Signed-off-by: Alex Zhuravlev Reviewed-on: https://review.whamcloud.com/34596 Reviewed-by: Andreas Dilger Reviewed-by: Wang Shilong Tested-by: Jenkins Reviewed-by: Patrick Farrell Tested-by: Maloo --- lustre/osd-ldiskfs/osd_handler.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lustre/osd-ldiskfs/osd_handler.c b/lustre/osd-ldiskfs/osd_handler.c index 7aa5eaf..25eebba 100644 --- a/lustre/osd-ldiskfs/osd_handler.c +++ b/lustre/osd-ldiskfs/osd_handler.c @@ -2094,8 +2094,9 @@ static void osd_object_delete(const struct lu_env *env, struct lu_object *l) osd_index_fini(obj); if (inode != NULL) { struct qsd_instance *qsd = osd_def_qsd(osd_obj2dev(obj)); - qid_t uid = i_uid_read(inode); - qid_t gid = i_gid_read(inode); + qid_t uid = i_uid_read(inode); + qid_t gid = i_gid_read(inode); + __u64 projid = i_projid_read(inode); obj->oo_inode = NULL; iput(inode); @@ -2110,7 +2111,7 @@ static void osd_object_delete(const struct lu_env *env, struct lu_object *l) qi->lqi_id.qid_uid = gid; qsd_op_adjust(env, qsd, &qi->lqi_id, GRPQUOTA); - qi->lqi_id.qid_uid = i_projid_read(inode); + qi->lqi_id.qid_uid = projid; qsd_op_adjust(env, qsd, &qi->lqi_id, PRJQUOTA); } } -- 1.8.3.1