From: Oleg Drokin <green@linuxhacker.ru>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, devel@driverdev.osuosl.org
Cc: Oleg Drokin <green@linuxhacker.ru>, Oleg Drokin <oleg.drokin@intel.com>
Subject: [PATCH 2/5] staging/lustre/lnet: Fix use after free in ksocknal_send
Date: Thu, 23 Jan 2014 23:45:05 -0500
Message-ID: <1390538708-4120-3-git-send-email-green@linuxhacker.ru>
In-Reply-To: <1390538708-4120-1-git-send-email-green@linuxhacker.ru>

Call to ksocknal_launch_packet might schedule a callback that
might free the just sent message, and so subsequent access to it
via lntmsg->msg_vmflush goes to freed memory.

Instead we'll just remember if we are in the vmflush thread and
only restore if we happened to set mempressure flag.

Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
Reviewed-on: http://review.whamcloud.com/8667
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-4360
Reviewed-by: Liang Zhen <liang.zhen@intel.com>
Reviewed-by: Amir Shehata <amir.shehata@intel.com>
---
drivers/staging/lustre/lnet/klnds/socklnd/socklnd_cb.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/lustre/lnet/klnds/socklnd/socklnd_cb.c b/drivers/staging/lustre/lnet/klnds/socklnd/socklnd_cb.c
index 68a4f52..b7b53b5 100644
--- a/drivers/staging/lustre/lnet/klnds/socklnd/socklnd_cb.c
+++ b/drivers/staging/lustre/lnet/klnds/socklnd/socklnd_cb.c
@@ -924,7 +924,7 @@ ksocknal_launch_packet (lnet_ni_t *ni, ksock_tx_t *tx, lnet_process_id_t id)
int
ksocknal_send(lnet_ni_t *ni, void *private, lnet_msg_t *lntmsg)
{
- int mpflag = 0;
+ int mpflag = 1;
int type = lntmsg->msg_type;
lnet_process_id_t target = lntmsg->msg_target;
unsigned int payload_niov = lntmsg->msg_niov;
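Review bot: the new initial value in `int mpflag = 1;` makes mpflag a sentinel, and nothing at the declaration says what 1 stands for. The later `if (!mpflag)` test is only readable if one already knows that 1 means "memory-pressure state was not changed here", and that value cannot be told apart from any nonzero state stored into the same variable later in the function. Either add a one-line comment on the declaration explaining the sentinel, or keep mpflag as the saved state and record the decision in a separate local flag that is set before the packet is launched.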
@@ -993,8 +993,9 @@ ksocknal_send(lnet_ni_t *ni, void *private, lnet_msg_t *lntmsg)
/* The first fragment will be set later in pro_pack */
rc = ksocknal_launch_packet(ni, tx, target);
- if (lntmsg->msg_vmflush)
+ if (!mpflag)
cfs_memory_pressure_restore(mpflag);
+
if (rc == 0)
return (0);
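Review bot: under the new guard `if (!mpflag)`, the call cfs_memory_pressure_restore(mpflag) can only ever be made with the argument 0, so passing the variable hides what is actually being restored. The guard does remove the read of lntmsg->msg_vmflush after ksocknal_launch_packet(), which is the access the commit message identifies as touching freed memory. A short comment above the ksocknal_launch_packet() call stating that lntmsg may already be freed once it returns would keep a later edit from reintroducing a dereference in this tail of the function.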
--
1.8.5.3