<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Sunil,<br>
<br>
On 07/18/2012 03:49 AM, Sunil Mushran wrote:<br>
</div>
<blockquote
cite="mid:CAEeiSHVKM7TK0u4Cd_JWVY9Z8bKj3326ay2RG5dqi4z9fXPaHQ@mail.gmail.com"
type="cite">
<div>
<div class="gmail_quote">On Tue, Jul 17, 2012 at 12:10 AM,
Junxiao Bi <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:junxiao.bi@oracle.com" target="_blank">junxiao.bi@oracle.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
In the target node of the dlm lock migration, the logic to
find<br>
the local dlm lock is wrong, it shouldn't change the loop
variable<br>
"lock" in the list_for_each_entry loop. This will cause a
NULL-pointer<br>
accessing crash.<br>
<br>
Signed-off-by: Junxiao Bi <<a moz-do-not-send="true"
href="mailto:junxiao.bi@oracle.com">junxiao.bi@oracle.com</a>><br>
Cc: <a moz-do-not-send="true"
href="mailto:stable@vger.kernel.org">stable@vger.kernel.org</a><br>
---<br>
fs/ocfs2/dlm/dlmrecovery.c | 12 +++++++-----<br>
1 file changed, 7 insertions(+), 5 deletions(-)<br>
<br>
diff --git a/fs/ocfs2/dlm/dlmrecovery.c
b/fs/ocfs2/dlm/dlmrecovery.c<br>
index 01ebfd0..0b9cc88 100644<br>
--- a/fs/ocfs2/dlm/dlmrecovery.c<br>
+++ b/fs/ocfs2/dlm/dlmrecovery.c<br>
@@ -1762,6 +1762,7 @@ static int
dlm_process_recovery_data(struct dlm_ctxt *dlm,<br>
u8 from = O2NM_MAX_NODES;<br>
unsigned int added = 0;<br>
__be64 c;<br>
+ int found;<br>
<br>
mlog(0, "running %d locks for this lockres\n",
mres->num_locks);<br>
for (i=0; i<mres->num_locks; i++) {<br>
@@ -1793,22 +1794,23 @@ static int
dlm_process_recovery_data(struct dlm_ctxt *dlm,<br>
/* MIGRATION ONLY! */<br>
BUG_ON(!(mres->flags &
DLM_MRES_MIGRATION));<br>
<br>
+ found = 0;<br>
spin_lock(&res->spinlock);<br>
for (j = DLM_GRANTED_LIST; j <=
DLM_BLOCKED_LIST; j++) {<br>
tmpq =
dlm_list_idx_to_ptr(res, j);<br>
list_for_each_entry(lock,
tmpq, list) {<br>
- if
(lock->ml.cookie != ml->cookie)<br>
- lock = NULL;<br>
- else<br>
+ if
(lock->ml.cookie == ml->cookie) {<br>
+ found = 1;<br>
break;<br>
+ }<br>
}<br>
- if (lock)<br>
+ if (found)<br>
break;<br>
}<br>
<br>
/* lock is always created locally
first, and<br>
* destroyed locally last. it must
be on the list */<br>
- if (!lock) {<br>
+ if (!found) {<br>
c = ml->cookie;<br>
mlog(ML_ERROR, "Could not
find local lock "<br>
"with cookie
%u:%llu, node %u, "<br>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<a moz-do-not-send="true"
href="https://oss.oracle.com/git/?p=smushran/linux-2.6.git;a=blobdiff;f=fs/ocfs2/dlm/dlmrecovery.c;h=c881be6043a8c27c26ee44d217fb8ecf1eb37e02;hp=01ebfd0bdad72264b99345378f0c6febe246503d;hb=13279667cc8bbaf901591dee96f762d4aab8b307;hpb=a5ae0116eb56ec7c128e84fe15646a5cb9a8cb47">https://oss.oracle.com/git/?p=smushran/linux-2.6.git;a=blobdiff;f=fs/ocfs2/dlm/dlmrecovery.c;h=c881be6043a8c27c26ee44d217fb8ecf1eb37e02;hp=01ebfd0bdad72264b99345378f0c6febe246503d;hb=13279667cc8bbaf901591dee96f762d4aab8b307;hpb=a5ae0116eb56ec7c128e84fe15646a5cb9a8cb47</a>
<div>
<br>
</div>
<div>We had decided to go back to list_for_each().</div>
</div>
</div>
</blockquote>
<br>
OK, thank you. It's OK to revert it back for a introduced bug. But I
think you'd better cc stable branch.<br>
</body>
</html>