On Wed, 2021-08-25 at 13:22 +0800, xiubli@xxxxxxxxxx wrote: > From: Xiubo Li <xiubli@xxxxxxxxxx> > > Always init the i_list/g_list in the begining to make sure it won't > crash the kernel if someone want to delete the cap_flush from the > lists. > > Cc: stable@xxxxxxxxxxxxxxx > URL: https://tracker.ceph.com/issues/52401 > Signed-off-by: Xiubo Li <xiubli@xxxxxxxxxx> > --- > fs/ceph/caps.c | 2 +- > fs/ceph/snap.c | 2 ++ > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c > index 4f0dbc640b0b..60f60260cf42 100644 > --- a/fs/ceph/caps.c > +++ b/fs/ceph/caps.c > @@ -3666,7 +3666,7 @@ static void handle_cap_flush_ack(struct inode *inode, u64 flush_tid, > while (!list_empty(&to_remove)) { > cf = list_first_entry(&to_remove, > struct ceph_cap_flush, i_list); > - list_del(&cf->i_list); > + list_del_init(&cf->i_list); > if (!cf->is_capsnap) > ceph_free_cap_flush(cf); > } > diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c > index 62fab59bbf96..b41e6724c591 100644 > --- a/fs/ceph/snap.c > +++ b/fs/ceph/snap.c > @@ -488,6 +488,8 @@ static void ceph_queue_cap_snap(struct ceph_inode_info *ci) > return; > } > capsnap->cap_flush.is_capsnap = true; > + INIT_LIST_HEAD(&capsnap->cap_flush.i_list); > + INIT_LIST_HEAD(&capsnap->cap_flush.g_list); > > spin_lock(&ci->i_ceph_lock); > used = __ceph_caps_used(ci); I'm not certain the second hunk is strictly needed. These either end up on the list or they just get freed. That said, they shouldn't hurt anything and it is more consistent. Merged into testing. Ilya, since this is marked for stable, this probably ought to go to Linus in the last v5.14 pile. Thanks, -- Jeff Layton <jlayton@xxxxxxxxxx>
