From: Alex Zhuravlev <bzzz@whamcloud.com>
Date: Thu, 4 Apr 2019 10:03:28 +0000 (+0300)
Subject: LU-12160 osd-ldiskfs: use-after-free in osd_object_delete()
X-Git-Url: https://git.whamcloud.com/gitweb?a=commitdiff_plain;h=6a4cc98cd1692b14f4598335dcd373ec4f5b5fb2;p=fs%2Flustre-release.git

LU-12160 osd-ldiskfs: use-after-free in osd_object_delete()

store a local copy of projid to avoid use-after-free.

Fixes: 39f63cf54c62 ("LU-4017 quota: add setting/getting project id function")

Change-Id: I60e19de3485cae3df1cc2e8aae6eeed4b5de3a11
Signed-off-by: Alex Zhuravlev <bzzz@whamcloud.com>
---

diff --git a/lustre/osd-ldiskfs/osd_handler.c b/lustre/osd-ldiskfs/osd_handler.c
index adc7b4a..3f64c22 100644
--- a/lustre/osd-ldiskfs/osd_handler.c
+++ b/lustre/osd-ldiskfs/osd_handler.c
@@ -2094,8 +2094,9 @@ static void osd_object_delete(const struct lu_env *env, struct lu_object *l)
 	osd_index_fini(obj);
 	if (inode != NULL) {
 		struct qsd_instance *qsd = osd_def_qsd(osd_obj2dev(obj));
-		qid_t		     uid = i_uid_read(inode);
-		qid_t		     gid = i_gid_read(inode);
+		qid_t uid = i_uid_read(inode);
+		qid_t gid = i_gid_read(inode);
+		__u64 projid = i_projid_read(inode);
 
 		obj->oo_inode = NULL;
 		iput(inode);
@@ -2110,7 +2111,7 @@ static void osd_object_delete(const struct lu_env *env, struct lu_object *l)
 			qi->lqi_id.qid_uid = gid;
 			qsd_op_adjust(env, qsd, &qi->lqi_id, GRPQUOTA);
 
-			qi->lqi_id.qid_uid = i_projid_read(inode);
+			qi->lqi_id.qid_uid = projid;
 			qsd_op_adjust(env, qsd, &qi->lqi_id, PRJQUOTA);
 		}
 	}