ceph: fix race during filling readdir cache

commit af5e5eb574776cdf1b756a27cc437bff257e22fe upstream.

Readdir cache uses page cache to save dentry pointers. When adding
dentry pointers to middle of a page, we need to make sure the page
already exists. Otherwise the beginning part of the page will be
invalid pointers.

Signed-off-by: Yan, Zheng <zyan@redhat.com>
Cc: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 498dcfa2dcdbedf393ae26fc9f7f68cf90bceb90..d98536c8abfc03adf01c744c33fe014cbda9fabc 100644 (file)
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -1358,15 +1358,20 @@ static int fill_readdir_cache(struct inode *dir, struct dentry *dn,
 
        if (!ctl->page || pgoff != page_index(ctl->page)) {
                ceph_readdir_cache_release(ctl);
-               ctl->page  = grab_cache_page(&dir->i_data, pgoff);
+               if (idx == 0)
+                       ctl->page = grab_cache_page(&dir->i_data, pgoff);
+               else
+                       ctl->page = find_lock_page(&dir->i_data, pgoff);
                if (!ctl->page) {
                        ctl->index = -1;
-                       return -ENOMEM;
+                       return idx == 0 ? -ENOMEM : 0;
                }
                /* reading/filling the cache are serialized by
                 * i_mutex, no need to use page lock */
                unlock_page(ctl->page);
                ctl->dentries = kmap(ctl->page);
+               if (idx == 0)
+                       memset(ctl->dentries, 0, PAGE_CACHE_SIZE);
        }
 
        if (req->r_dir_release_cnt == atomic64_read(&ci->i_release_count) &&