From a71c9dd7e57a6a1dd64ccfb67f24c2a7cf29f652 Mon Sep 17 00:00:00 2001
From: "chentao.2022"
Date: Mon, 24 Jun 2024 11:23:27 +0800
Subject: [PATCH] cephfs: Fixed a bug in the readdir_cache_cb function that may have used freed memory after the _getattr operation returned

Fixes: https://tracker.ceph.com/issues/56288
Signed-off-by: Tod Chen
---
 src/client/Client.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/client/Client.cc b/src/client/Client.cc
index fffbd11f60078..1887b0fce1fc1 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -9405,6 +9405,12 @@ int Client::_readdir_cache_cb(dir_result_t *dirp, add_dirent_cb_t cb, void *p,
 int r = _getattr(dn->inode, mask, dirp->perms);
 if (r < 0)
 return r;
+
+ /* fix https://tracker.ceph.com/issues/56288 */
+ if (dirp->inode->dir == NULL) {
+ ldout(cct, 0) << " dir is closed, so we should return" << dendl;
+ return -CEPHFS_EAGAIN;
+ }
 
 // the content of readdir_cache may change after _getattr(), so pd may be invalid iterator
 pd = dir->readdir_cache.begin() + idx;
-- 
2.39.5
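Review bot: The added guard tests `dirp->inode->dir` for NULL, but the next statement, `pd = dir->readdir_cache.begin() + idx;`, still goes through the local `dir`, which appears to be captured before `_getattr()` (its assignment is outside this hunk, so this is inferred). If the directory is closed and then opened again while `_getattr()` runs, `dirp->inode->dir` would be non-NULL while `dir` could still refer to the freed object, so the use-after-free would not be fully closed. Comparing against the cached pointer, `if (dirp->inode->dir != dir) {`, would cover both the closed and the replaced case. Separately, `ldout(cct, 0)` reports an expected race at level 0; a higher debug level, with the inode included in the message, would keep default logs quiet and make the event traceable. The body of `_readdir_cache_cb` starts and ends outside the hunk.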