From: "J. Bruce Fields" <bfields@fieldses.org>
To: Jeff Layton <jlayton@redhat.com>
Cc: nfs@lists.sourceforge.net, Trond Myklebust <trond.myklebust@fys.uio.no>
Subject: Re: [PATCH][RFC] use after free in NLM subsystem -- how best to fix it?
Date: Tue, 25 Sep 2007 11:26:30 -0400 [thread overview]
Message-ID: <20070925152630.GD30845@fieldses.org> (raw)
In-Reply-To: <20070925102501.c770c202.jlayton@redhat.com>
On Tue, Sep 25, 2007 at 10:25:01AM -0400, Jeff Layton wrote:
> As a side note, I think we need to consider some locking around
> nlmsvc_pid/nlmsvc_serv. This part of lockd seems racy:
>
> if (!nlmsvc_pid || current->pid == nlmsvc_pid) {
> if (nlmsvc_ops)
> nlmsvc_invalidate_all();
> nlm_shutdown_hosts();
> nlmsvc_pid = 0;
> nlmsvc_serv = NULL;
>
> if either nlm_invalidate_all or nlm_shutdown_hosts takes a while, and
> lockd is being restarted:
>
> 1) lockd_down is called and starts shutting down lockd
> 2) lockd takes a while to come down, lockd_down gives up, and sets
> nlmsvc_pid=0
> 3) lockd_up is called and fires up a new lockd thread, it sets
> nlmsvc_pid to the new thread's pid
> 4) first lockd finishes and sets nlmsvc_pid=0
>
> Perhaps we need to have only lockd_down set those vars so that it's
> done under the nlmsvc_mutex?
Could be. I believe nfsd startup/shutdown is similarly racy; see for
example http://lkml.org/lkml/2007/8/2/462, which I think Neil determined
was a similar race.
--b.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2007-09-25 15:26 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-24 20:12 [PATCH][RFC] use after free in NLM subsystem -- how best to fix it? Jeff Layton
2007-09-24 22:13 ` Trond Myklebust
2007-09-25 14:25 ` Jeff Layton
2007-09-25 15:26 ` J. Bruce Fields [this message]
2007-09-25 17:05 ` Trond Myklebust
2007-09-27 17:59 ` Jeff Layton
2007-09-27 18:38 ` J. Bruce Fields
2007-09-27 19:09 ` Jeff Layton
2007-09-27 20:55 ` J. Bruce Fields
2007-09-28 1:13 ` Jeff Layton
2007-09-28 12:37 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070925152630.GD30845@fieldses.org \
--to=bfields@fieldses.org \
--cc=jlayton@redhat.com \
--cc=nfs@lists.sourceforge.net \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.