[Ocfs2-devel] [patch 18/28] ocfs2: avoid access invalid address when read o2dlm debug messages

Mark Fasheh mfasheh at suse.de
Mon Aug 31 13:10:21 PDT 2015


On Wed, Aug 26, 2015 at 03:12:09PM -0700, Andrew Morton wrote:
> From: Yiwen Jiang <jiangyiwen at huawei.com>
> Subject: ocfs2: avoid access invalid address when read o2dlm debug messages
> 
> The following case will lead to a lockres being freed while it is still in use.
> 
> cat /sys/kernel/debug/o2dlm/locking_state     dlm_thread
> lockres_seq_start
>     -> lock dlm->track_lock
>     -> get resA
>                                               resA->refs decrease to 0,
>                                               call dlm_lockres_release,
>                                               and wait for "cat" unlock.
> Although resA->refs is already set to 0,
> increase resA->refs, and then unlock
>                                               lock dlm->track_lock
>                                                   -> list_del_init()
>                                                   -> unlock
>                                                   -> free resA
> 
> In such a race case, invalid address access may occur.  So we should
> delete list res->tracking before resA->refs decreases to 0.
> 
> 
> Signed-off-by: Yiwen Jiang <jiangyiwen at huawei.com>
> Reviewed-by: Joseph Qi <joseph.qi at huawei.com>
> Cc: Joel Becker <jlbec at evilplan.org>
> Cc: Mark Fasheh <mfasheh at suse.com>
> Signed-off-by: Andrew Morton <akpm at linux-foundation.org>

I _think_ this is now correct.

Signed-off-by: Mark Fasheh <mfasheh at suse.de>

--
Mark Fasheh
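
The interleaving from the quoted commit message, replayed deterministically as an added example (not code from the patch or from ocfs2). `struct res`, `reader_get` and the `replay` functions are hypothetical names, and a `freed` flag stands in for the actual free so the replay itself is memory-safe.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a lock resource; not the o2dlm structure. */
struct res { int refs; bool tracked; bool freed; /* freed: stands in for the free */ };

/* "cat" side, under track_lock: takes a reference on whatever is still
 * on the tracking list, even if refs has already reached 0. */
static struct res *reader_get(struct res *r)
{
    if (!r->tracked)
        return NULL;
    r->refs++;
    return r;
}

/* Reader runs after refs hit 0, while the release path waits for
 * track_lock. Returns true if the reader ends up holding a freed object. */
static bool replay(bool unlink_before_final_put)
{
    struct res a = { .refs = 1, .tracked = true, .freed = false };
    struct res *held;

    if (unlink_before_final_put)
        a.tracked = false;     /* fixed order: unlink while refs > 0 */
    a.refs--;                  /* dlm_thread: refs decreases to 0 */
    held = reader_get(&a);     /* cat: looks the resource up */
    a.tracked = false;         /* release: list_del_init() */
    a.freed = true;            /* release: free resA */
    return held != NULL && held->freed;
}

/* Fixed order, reader first: its reference keeps the object alive. */
static bool replay_fixed_reader_first(void)
{
    struct res a = { .refs = 1, .tracked = true, .freed = false };
    struct res *held = reader_get(&a);   /* refs == 2 */
    a.tracked = false;                   /* unlink before the final put */
    if (--a.refs == 0)                   /* dlm_thread's put leaves refs == 1 */
        a.freed = true;
    return held != NULL && held->freed;
}

int main(void)
{
    printf("%d %d %d\n", replay(false), replay(true), replay_fixed_reader_first());
    return 0;
}
```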


