From: piaojun <piaojun@huawei.com>
To: ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [PATCH v3] ocfs2: fix a panic problem caused by o2cb_ctl
Date: Mon, 28 Jan 2019 10:23:01 +0800
Message-ID: <5C4E6785.1020508@huawei.com>
In-Reply-To: <133d8045-72cc-863e-8eae-5013f9f6bc51@huawei.com>

On 2019/1/28 10:01, Jia Guo wrote:
> In the process of creating a node, it will cause NULL pointer
> dereference in kernel if o2cb_ctl failed in the interval
> (mkdir, o2cb_set_node_attribute(node_num)] in function o2cb_add_node.
>
> The node num is initialized to 0 in function o2nm_node_group_make_item,
> o2nm_node_group_drop_item will mistake the node number 0 for a
> valid node number when we delete the node before the node number is set
> correctly. If the local node number of the current host happens to be 0,
> cluster->cl_local_node will be set to O2NM_INVALID_NODE_NUM while
> o2hb_thread is still running. The panic stack is generated as follows:
>
> o2hb_thread
>     \-o2hb_do_disk_heartbeat
>         \-o2hb_check_own_slot
>             |-slot = &reg->hr_slots[o2nm_this_node()];
>             //o2nm_this_node() return O2NM_INVALID_NODE_NUM
>
> We need to check whether the node number is set when we delete the node.
>
> Signed-off-by: Jia Guo <guojia12@huawei.com>
> Reviewed-by: Joseph Qi <jiangqi903@gmail.com>
Acked-by: Jun Piao <piaojun@huawei.com>
> ---
> fs/ocfs2/cluster/nodemanager.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/fs/ocfs2/cluster/nodemanager.c b/fs/ocfs2/cluster/nodemanager.c
> index 0e4166c..4ac775e 100644
> --- a/fs/ocfs2/cluster/nodemanager.c
> +++ b/fs/ocfs2/cluster/nodemanager.c
> @@ -621,13 +621,15 @@ static void o2nm_node_group_drop_item(struct config_group *group,
> struct o2nm_node *node = to_o2nm_node(item);
> struct o2nm_cluster *cluster = to_o2nm_cluster(group->cg_item.ci_parent);
>
> - o2net_disconnect_node(node);
> + if (cluster->cl_nodes[node->nd_num] == node) {
> + o2net_disconnect_node(node);
>
> - if (cluster->cl_has_local &&
> - (cluster->cl_local_node == node->nd_num)) {
> - cluster->cl_has_local = 0;
> - cluster->cl_local_node = O2NM_INVALID_NODE_NUM;
> - o2net_stop_listening(node);
> + if (cluster->cl_has_local &&
> + (cluster->cl_local_node == node->nd_num)) {
> + cluster->cl_has_local = 0;
> + cluster->cl_local_node = O2NM_INVALID_NODE_NUM;
> + o2net_stop_listening(node);
> + }
> }
>
> /* XXX call into net to stop this node from trading messages */
>
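Review bot: the new guard `if (cluster->cl_nodes[node->nd_num] == node)` at the top of the hunk has no comment, and its purpose is not obvious from the code alone. It is standing in for "the node number was really assigned", because per the commit message nd_num starts at 0 and is therefore indistinguishable from a valid node 0. A one-line comment above the test saying that nd_num may still be the default 0 when the node number has not been set would keep a later cleanup from removing the check and reintroducing the path where cl_local_node is reset to O2NM_INVALID_NODE_NUM while the heartbeat thread is still indexing with it. Separately, the guard reads cluster->cl_nodes[] with no lock taken in the lines shown here; it is worth confirming in the changelog or a comment that this read cannot race with the attribute store that fills the slot.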