From: Joseph Qi <joseph.qi@huawei.com>
To: ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
Date: Tue, 14 Jan 2014 12:06:29 +0800
Message-ID: <52D4B7C5.7040409@huawei.com>
In-Reply-To: <1389403153-4220-1-git-send-email-srinivas.eeda@oracle.com>
On 2014/1/11 9:19, Srinivas Eeda wrote:
> From: Srinivas Eeda <seeda@srini.(none)>
>
> A tiny race between BAST and unlock message causes the NULL dereference.
>
> A node sends an unlock request to master and receives a response. Before
> processing the response it receives a BAST from the master. Since both requests
> are processed by different threads it creates a race. While the BAST is being
> processed, lock can get freed by unlock code.
>
> This patch makes bast return immediately if lock is found but unlock is
> pending. The code should handle this race. We also have to fix master node to
> skip sending BAST after receiving unlock message.
>
> Below is the crash stack
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
> IP: [<ffffffffa015e023>] o2dlm_blocking_ast_wrapper+0xd/0x16
> [<ffffffffa034e3db>] dlm_do_local_bast+0x8e/0x97 [ocfs2_dlm]
> [<ffffffffa034f366>] dlm_proxy_ast_handler+0x838/0x87e [ocfs2_dlm]
> [<ffffffffa0308abe>] o2net_process_message+0x395/0x5b8 [ocfs2_nodemanager]
> [<ffffffffa030aac8>] o2net_rx_until_empty+0x762/0x90d [ocfs2_nodemanager]
> [<ffffffff81071802>] worker_thread+0x14d/0x1ed
>
> Signed-off-by: Srinivas Eeda <srinivas.eeda@oracle.com>
> ---
> fs/ocfs2/dlm/dlmast.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ocfs2/dlm/dlmast.c b/fs/ocfs2/dlm/dlmast.c
> index b46278f..dbc6cee 100644
> --- a/fs/ocfs2/dlm/dlmast.c
> +++ b/fs/ocfs2/dlm/dlmast.c
> @@ -385,8 +385,13 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32 len, void *data,
> head = &res->granted;
>
> list_for_each_entry(lock, head, list) {
> - if (lock->ml.cookie == cookie)
> - goto do_ast;
> + /* if lock is found but unlock is pending ignore the bast */
> + if (lock->ml.cookie == cookie) {
> + if (lock->unlock_pending)
> + break;
> + else
> + goto do_ast;
> + }
> }
>
> mlog(0, "Got %sast for unknown lock! cookie=%u:%llu, name=%.*s, "
>
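Review bot: in the `list_for_each_entry` loop, the `break` taken when `lock->unlock_pending` is set lands on the `mlog(0, "Got %sast for unknown lock! ...")` line that follows the loop, so a lock that was found but is mid-unlock gets reported as unknown. Consider a separate log message (or a dedicated exit label) for the unlock-pending case so the two situations can be told apart when debugging. The `else` after `break` is also redundant; `if (lock->unlock_pending) break;` followed by a plain `goto do_ast;` reads more cleanly. The new comment says the bast is ignored, but the log string's `%sast` suggests this loop may see both message types, so the comment should say whether ASTs are meant to be dropped too. It is also worth stating in the commit message which lock protects the `unlock_pending` read here, since the hunk does not show it.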
I found you sent a version on Jan 30, 2012.
https://oss.oracle.com/pipermail/ocfs2-devel/2012-January/008469.html
Compared with the old version, this version only saves a little bit of CPU,
am I right?