From 5005ce737ce160999e2de444e0e578ffda569e9c Mon Sep 17 00:00:00 2001
From: Bobi Jam <bobijam@whamcloud.com>
Date: Thu, 25 Jan 2024 19:20:27 +0800
Subject: [PATCH] LU-17469 llite: hold object reference in IO

There could be a race between page write and inode free, hold
a cl_object reference during the IO lest accessing freed object.

Signed-off-by: Bobi Jam <bobijam@whamcloud.com>
Change-Id: Ic70cc27430e68265aba0662fc68e9bfe2f86cfe1
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/53819
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/llite/file.c | 2 ++
 lustre/llite/rw.c   | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index a2f8265..5d2121f 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -4895,6 +4895,7 @@ int cl_sync_file_range(struct inode *inode, loff_t start, loff_t end,
 
 	io = vvp_env_thread_io(env);
 	io->ci_obj = ll_i2info(inode)->lli_clob;
+	cl_object_get(io->ci_obj);
 	io->ci_ignore_layout = ignore_layout;
 
 	/* initialize parameters for sync */
@@ -4912,6 +4913,7 @@ int cl_sync_file_range(struct inode *inode, loff_t start, loff_t end,
 	if (result == 0)
 		result = fio->fi_nr_written;
 	cl_io_fini(env, io);
+	cl_object_put(env, io->ci_obj);
 	cl_env_put(env, &refcheck);
 
 	RETURN(result);
diff --git a/lustre/llite/rw.c b/lustre/llite/rw.c
index 49a46cf..48eaba7 100644
--- a/lustre/llite/rw.c
+++ b/lustre/llite/rw.c
@@ -1605,7 +1605,7 @@ int ll_writepages(struct address_space *mapping, struct writeback_control *wbc)
 #endif
 	}
 
-	if (ll_i2info(inode)->lli_clob == NULL)
+	if (ll_i2info(inode)->lli_clob == NULL || (inode->i_state & I_FREEING))
 		RETURN(0);
 
 	/* for directio, it would call writepages() to evict cached pages
-- 
1.8.3.1