Re: [Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
On Fri, Jan 10, 2014 at 05:19:13PM -0800, Srinivas Eeda wrote:
From: Srinivas Eeda seeda@srini.(none)
A tiny race between BAST and unlock message causes the NULL dereference.
A node sends an unlock request to master and receives a response. Before
processing the response it receives a BAST from the master. Since both
requests
are processed by different threads it creates a race. While the BAST is being
processed, lock can get freed by unlock code.
This patch makes bast to return immediately if lock is found but unlock is
pending. The code should handle this race. We also have to fix master node to
skip sending BAST after receiving unlock message.
Did the master send the BAST after the unlock, or does that race too?
Does the master know the unlock has succeeded, or does it just think so?
@@ -385,8 +385,13 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32
len, void *data,
head = res-granted;
list_for_each_entry(lock, head, list) {
- if (lock-ml.cookie == cookie)
- goto do_ast;
+ /* if lock is found but unlock is pending ignore the bast */
+ if (lock-ml.cookie == cookie) {
+ if (lock-unlock_pending)
+ break;
+ else
+ goto do_ast;
+ }
This breaks out for asts as well as basts. Can't that cause problems
with the unlock ast expected by the caller?
Joel
--
Not being known doesn't stop the truth from being true.
- Richard Bach
http://www.jlbec.org/
jl...@evilplan.org
___
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Re: [Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
On 2014/1/11 9:19, Srinivas Eeda wrote:
From: Srinivas Eeda seeda@srini.(none)
A tiny race between BAST and unlock message causes the NULL dereference.
A node sends an unlock request to master and receives a response. Before
processing the response it receives a BAST from the master. Since both
requests
are processed by different threads it creates a race. While the BAST is being
processed, lock can get freed by unlock code.
This patch makes bast to return immediately if lock is found but unlock is
pending. The code should handle this race. We also have to fix master node to
skip sending BAST after receiving unlock message.
Below is the crash stack
BUG: unable to handle kernel NULL pointer dereference at 0048
IP: [a015e023] o2dlm_blocking_ast_wrapper+0xd/0x16
[a034e3db] dlm_do_local_bast+0x8e/0x97 [ocfs2_dlm]
[a034f366] dlm_proxy_ast_handler+0x838/0x87e [ocfs2_dlm]
[a0308abe] o2net_process_message+0x395/0x5b8 [ocfs2_nodemanager]
[a030aac8] o2net_rx_until_empty+0x762/0x90d [ocfs2_nodemanager]
[81071802] worker_thread+0x14d/0x1ed
Signed-off-by: Srinivas Eeda srinivas.e...@oracle.com
---
fs/ocfs2/dlm/dlmast.c |9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/fs/ocfs2/dlm/dlmast.c b/fs/ocfs2/dlm/dlmast.c
index b46278f..dbc6cee 100644
--- a/fs/ocfs2/dlm/dlmast.c
+++ b/fs/ocfs2/dlm/dlmast.c
@@ -385,8 +385,13 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32
len, void *data,
head = res-granted;
list_for_each_entry(lock, head, list) {
- if (lock-ml.cookie == cookie)
- goto do_ast;
+ /* if lock is found but unlock is pending ignore the bast */
+ if (lock-ml.cookie == cookie) {
+ if (lock-unlock_pending)
+ break;
+ else
+ goto do_ast;
+ }
}
mlog(0, Got %sast for unknown lock! cookie=%u:%llu, name=%.*s,
I found you sent a version on Jan 30, 2012.
https://oss.oracle.com/pipermail/ocfs2-devel/2012-January/008469.html
Compared with the old version, this version only saves a little bit CPU,
am I right?
___
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Re: [Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
On 01/13/2014 08:06 PM, Joseph Qi wrote:
On 2014/1/11 9:19, Srinivas Eeda wrote:
From: Srinivas Eeda seeda@srini.(none)
A tiny race between BAST and unlock message causes the NULL dereference.
A node sends an unlock request to master and receives a response. Before
processing the response it receives a BAST from the master. Since both
requests
are processed by different threads it creates a race. While the BAST is being
processed, lock can get freed by unlock code.
This patch makes bast to return immediately if lock is found but unlock is
pending. The code should handle this race. We also have to fix master node to
skip sending BAST after receiving unlock message.
Below is the crash stack
BUG: unable to handle kernel NULL pointer dereference at 0048
IP: [a015e023] o2dlm_blocking_ast_wrapper+0xd/0x16
[a034e3db] dlm_do_local_bast+0x8e/0x97 [ocfs2_dlm]
[a034f366] dlm_proxy_ast_handler+0x838/0x87e [ocfs2_dlm]
[a0308abe] o2net_process_message+0x395/0x5b8 [ocfs2_nodemanager]
[a030aac8] o2net_rx_until_empty+0x762/0x90d [ocfs2_nodemanager]
[81071802] worker_thread+0x14d/0x1ed
Signed-off-by: Srinivas Eeda srinivas.e...@oracle.com
---
fs/ocfs2/dlm/dlmast.c |9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/fs/ocfs2/dlm/dlmast.c b/fs/ocfs2/dlm/dlmast.c
index b46278f..dbc6cee 100644
--- a/fs/ocfs2/dlm/dlmast.c
+++ b/fs/ocfs2/dlm/dlmast.c
@@ -385,8 +385,13 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32
len, void *data,
head = res-granted;
list_for_each_entry(lock, head, list) {
-if (lock-ml.cookie == cookie)
-goto do_ast;
+/* if lock is found but unlock is pending ignore the bast */
+if (lock-ml.cookie == cookie) {
+if (lock-unlock_pending)
+break;
+else
+goto do_ast;
+}
}
mlog(0, Got %sast for unknown lock! cookie=%u:%llu, name=%.*s,
I found you sent a version on Jan 30, 2012.
https://oss.oracle.com/pipermail/ocfs2-devel/2012-January/008469.html
Compared with the old version, this version only saves a little bit CPU,
am I right?
Yes you are right. I made the change as Goldwyn suggested which is a
good thing to have :)
___
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
Re: [Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
On 01/13/2014 07:37 AM, Joel Becker wrote:
On Fri, Jan 10, 2014 at 05:19:13PM -0800, Srinivas Eeda wrote:
From: Srinivas Eeda seeda@srini.(none)
A tiny race between BAST and unlock message causes the NULL dereference.
A node sends an unlock request to master and receives a response. Before
processing the response it receives a BAST from the master. Since both
requests
are processed by different threads it creates a race. While the BAST is being
processed, lock can get freed by unlock code.
This patch makes bast to return immediately if lock is found but unlock is
pending. The code should handle this race. We also have to fix master node to
skip sending BAST after receiving unlock message.
Did the master send the BAST after the unlock, or does that race too?
Does the master know the unlock has succeeded, or does it just think so?
I think it's due to a race but I haven't debugged the master. My guess
is unlock request sneaked in before the dlm_flush_asts was called.
However non master node should handle this race as well, so just did
that part which fixed a bug we were seeing.
@@ -385,8 +385,13 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32
len, void *data,
head = res-granted;
list_for_each_entry(lock, head, list) {
-if (lock-ml.cookie == cookie)
-goto do_ast;
+/* if lock is found but unlock is pending ignore the bast */
+if (lock-ml.cookie == cookie) {
+if (lock-unlock_pending)
+break;
+else
+goto do_ast;
+}
This breaks out for asts as well as basts. Can't that cause problems
with the unlock ast expected by the caller?
if unlock_pending is set, then the node is trying to unlock an existing
lock and shouldn't receive any asts ?
Joel
___
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
[Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
From: Srinivas Eeda seeda@srini.(none)
A tiny race between BAST and unlock message causes the NULL dereference.
A node sends an unlock request to master and receives a response. Before
processing the response it receives a BAST from the master. Since both requests
are processed by different threads it creates a race. While the BAST is being
processed, lock can get freed by unlock code.
This patch makes bast to return immediately if lock is found but unlock is
pending. The code should handle this race. We also have to fix master node to
skip sending BAST after receiving unlock message.
Below is the crash stack
BUG: unable to handle kernel NULL pointer dereference at 0048
IP: [a015e023] o2dlm_blocking_ast_wrapper+0xd/0x16
[a034e3db] dlm_do_local_bast+0x8e/0x97 [ocfs2_dlm]
[a034f366] dlm_proxy_ast_handler+0x838/0x87e [ocfs2_dlm]
[a0308abe] o2net_process_message+0x395/0x5b8 [ocfs2_nodemanager]
[a030aac8] o2net_rx_until_empty+0x762/0x90d [ocfs2_nodemanager]
[81071802] worker_thread+0x14d/0x1ed
Signed-off-by: Srinivas Eeda srinivas.e...@oracle.com
---
fs/ocfs2/dlm/dlmast.c |9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/fs/ocfs2/dlm/dlmast.c b/fs/ocfs2/dlm/dlmast.c
index b46278f..dbc6cee 100644
--- a/fs/ocfs2/dlm/dlmast.c
+++ b/fs/ocfs2/dlm/dlmast.c
@@ -385,8 +385,13 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32 len,
void *data,
head = res-granted;
list_for_each_entry(lock, head, list) {
- if (lock-ml.cookie == cookie)
- goto do_ast;
+ /* if lock is found but unlock is pending ignore the bast */
+ if (lock-ml.cookie == cookie) {
+ if (lock-unlock_pending)
+ break;
+ else
+ goto do_ast;
+ }
}
mlog(0, Got %sast for unknown lock! cookie=%u:%llu, name=%.*s,
--
1.7.9.5
___
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/ocfs2-devel
[Ocfs2-devel] [PATCH 1/1] o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper
A tiny race between BAST and unlock message causes the NULL dereference.
A node sends an unlock request to master and receives a response. Before
processing the response it receives a BAST from the master. Since both requests
are processed by different threads it creates a race. While the BAST is being
processed, lock can get freed by unlock code.
This patch makes bast to return immediately if lock is found but unlock is
pending. The code should handle this race. We also have to fix master node to
skip sending BAST after receiving unlock message.
Below is the crash stack
BUG: unable to handle kernel NULL pointer dereference at 0048
IP: [a015e023] o2dlm_blocking_ast_wrapper+0xd/0x16
[a034e3db] dlm_do_local_bast+0x8e/0x97 [ocfs2_dlm]
[a034f366] dlm_proxy_ast_handler+0x838/0x87e [ocfs2_dlm]
[a0308abe] o2net_process_message+0x395/0x5b8 [ocfs2_nodemanager]
[a030aac8] o2net_rx_until_empty+0x762/0x90d [ocfs2_nodemanager]
[81071802] worker_thread+0x14d/0x1ed
Signed-off-by: Srinivas Eeda srinivas.e...@oracle.com
---
fs/ocfs2/dlm/dlmast.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/ocfs2/dlm/dlmast.c b/fs/ocfs2/dlm/dlmast.c
index 3a3ed4b..1281e8a 100644
--- a/fs/ocfs2/dlm/dlmast.c
+++ b/fs/ocfs2/dlm/dlmast.c
@@ -386,8 +386,9 @@ int dlm_proxy_ast_handler(struct o2net_msg *msg, u32 len,
void *data,
head = res-granted;
list_for_each(iter, head) {
+ /* if lock is found but unlock is pending ignore the bast */
lock = list_entry (iter, struct dlm_lock, list);
- if (lock-ml.cookie == cookie)
+ if ((lock-ml.cookie == cookie) (!lock-unlock_pending))
goto do_ast;
}
--
1.5.4.3
___
Ocfs2-devel mailing list
Ocfs2-devel@oss.oracle.com
http://oss.oracle.com/mailman/listinfo/ocfs2-devel
