[PATCH 16/20] staging/lustre/libcfs: protect kkuc_groups from write access

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: green@linuxhacker.ru
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	devel@driverdev.osuosl.org,
	Andreas Dilger <andreas.dilger@intel.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Frank Zago <fzago@cray.com>, Oleg Drokin <oleg.drokin@intel.com>
Subject: [PATCH 16/20] staging/lustre/libcfs: protect kkuc_groups from write access
Date: Sun,  1 Feb 2015 21:52:15 -0500	[thread overview]
Message-ID: <1422845539-26742-17-git-send-email-green@linuxhacker.ru> (raw)
In-Reply-To: <1422845539-26742-1-git-send-email-green@linuxhacker.ru>

From: Frank Zago <fzago@cray.com>

Since reg->kr_fp can be changed inside the foreach loop,
kkuc_groups must be write protected, and not just read protected.

This should fix the following oops, which could happen if two different
threads simultaneously execute the function, and EPIPE is returned.

PID: 24385  TASK: ffff88012da5f500  CPU: 1   COMMAND: "ldlm_cb00_056"
 #0 [ffff88012db55810] machine_kexec at ffffffff81038f3b
 #1 [ffff88012db55870] crash_kexec at ffffffff810c59f2
 #2 [ffff88012db55940] oops_end at ffffffff8152b7f0
 #3 [ffff88012db55970] no_context at ffffffff8104a00b
 #4 [ffff88012db559c0] __bad_area_nosemaphore at ffffffff8104a295
 #5 [ffff88012db55a10] bad_area_nosemaphore at ffffffff8104a363
 #6 [ffff88012db55a20] __do_page_fault at ffffffff8104aabf
 #7 [ffff88012db55b40] do_page_fault at ffffffff8152d73e
 #8 [ffff88012db55b70] page_fault at ffffffff8152aaf5
    [exception RIP: fput+9]
    RIP: ffffffff8118a509  RSP: ffff88012db55c20  RFLAGS: 00010246
    RAX: 00000000ffffffe0  RBX: ffff8800a8ea4fc0  RCX: 0000000000000000
    RDX: ffffffffa03c9eb0  RSI: 0000000000000000  RDI: 0000000000000000
    RBP: ffff88012db55c20   R8: 00000000ffffff0a   R9: 00000000fffffffc
    R10: 0000000000000001  R11: 282064656c696166  R12: ffffffffa03c9c60
    R13: ffff88005df240f8  R14: 0000000000000000  R15: ffff88013b4ca000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff88012db55c28] libcfs_kkuc_group_put at ffffffffa0388044 [libcfs]
[ptlrpc]

Signed-off-by: frank zago <fzago@cray.com>
Reviewed-on: http://review.whamcloud.com/11355
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5458
Reviewed-by: Patrick Farrell <paf@cray.com>
Reviewed-by: James Simmons <uja.ornl@gmail.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
---
 drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c
index e2aa637..d9b7c6b 100644
--- a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c
+++ b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c
@@ -228,12 +228,12 @@ int libcfs_kkuc_group_foreach(int group, libcfs_kkuc_cb_t cb_func,
 	if (kkuc_groups[group].next == NULL)
 		return 0;
 
-	down_read(&kg_sem);
+	down_write(&kg_sem);
 	list_for_each_entry(reg, &kkuc_groups[group], kr_chain) {
 		if (reg->kr_fp != NULL)
 			rc = cb_func(reg->kr_data, cb_arg);
 	}
-	up_read(&kg_sem);
+	up_write(&kg_sem);
 
 	return rc;
 }
-- 
2.1.0

next prev parent reply	other threads:[~2015-02-02  2:54 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-02  2:51 [PATCH 00/20] Lustre fixes green
2015-02-02  2:52 ` [PATCH 01/20] staging/lustre/ptlrpc: avoid list scan in ptlrpcd_check green
2015-02-02  2:52 ` [PATCH 02/20] staging/lustre/osc: split different type of IO green
2015-02-02  2:52 ` [PATCH 03/20] staging/lustre/ldlm: high load because of negative timeout green
2015-02-02  2:52 ` [PATCH 04/20] staging/lustre/libcfs: fix illegal page access of tracefiled() green
2015-02-02  2:52 ` [PATCH 05/20] staging/lustre/obdclass: fix a race in recovery green
2015-02-02  2:52 ` [PATCH 06/20] staging/lustre: fix comparison between signed and unsigned green
2015-02-02 13:02   ` Dan Carpenter
2015-02-02 15:44     ` Greg Kroah-Hartman
2015-02-02 20:25       ` Oleg Drokin
2015-02-02 20:51         ` Greg Kroah-Hartman
2015-02-02 23:16           ` Oleg Drokin
2015-02-02  2:52 ` [PATCH 07/20] staging/lustre/lnet: peer aliveness status and NI status green
2015-02-02  2:52 ` [PATCH 08/20] staging/lustre/llite: to configure max_cached_mb correctly green
2015-02-02  2:52 ` [PATCH 09/20] staging/lustre/llite: remove llite proc root on init failure green
2015-02-02  2:52 ` [PATCH 10/20] staging/lustre/obdclass: Proper swabbing of llog_rec_tail green
2015-02-02  2:52 ` [PATCH 11/20] staging/lustre/lnet: portal spreading rotor should be unsigned green
2015-02-02  2:52 ` [PATCH 12/20] staging/lustre/obd: change type of cl_conn_count to size_t green
2015-02-07  9:30   ` Greg Kroah-Hartman
2015-02-02  2:52 ` [PATCH 13/20] staging/lustre/ptlrpc: hold rq_lock when modify rq_flags green
2015-02-02  2:52 ` [PATCH 14/20] staging/lustre/llite: Solve a race to access lli_has_smd in read case green
2015-02-02  2:52 ` [PATCH 15/20] staging/lustre/fld: refer to MDT0 for fld lookup in some cases green
2015-02-02  2:52 ` green [this message]
2015-02-02  2:52 ` [PATCH 17/20] staging/lustre/llite: Add exception entry check after radix_tree green
2015-02-02  2:52 ` [PATCH 18/20] staging/lustre/llite: don't add to page cache upon failure green
2015-02-02  2:52 ` [PATCH 19/20] staging/lustre/clio: Do not allow group locks with gid 0 green
2015-02-02  2:52 ` [PATCH 20/20] staging/lustre/mdc: Initialize req in mdc_enqueue for !it case green

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e2aa637 dfblob:d9b7c6b )
 OR (
bs:"[PATCH 16/20] staging/lustre/libcfs: protect kkuc_groups from write access" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1422845539-26742-17-git-send-email-green@linuxhacker.ru \
    --to=green@linuxhacker.ru \
    --cc=andreas.dilger@intel.com \
    --cc=devel@driverdev.osuosl.org \
    --cc=fzago@cray.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oleg.drokin@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox