Due to a typo, a local pointer was defined as static, leading to a nasty race:

1. Thread A (handling ploopN) initializes that pointer
2. Thread B (handling ploopM) re-initializes the same pointer
3. Thread A proceeds with using the pointer that currently points to some request belonging to ploopM.

Hence data (ploop requests) leaked from one ploop device to another leading to list corruption.

https://jira.sw.ru/browse/PSBM-67513

Signed-off-by: Maxim Patlasov <[email protected]>
--- drivers/block/ploop/push_backup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/block/ploop/push_backup.c b/drivers/block/ploop/push_backup.c index ade5fa5..032706e 100644 --- a/drivers/block/ploop/push_backup.c +++ b/drivers/block/ploop/push_backup.c @@ -598,7 +598,7 @@ ploop_pb_get_first_req_from_tree(struct pb_set *pbs, unsigned old_owner) { struct rb_root *tree = &pbs->tree; - static struct ploop_request *p; + struct ploop_request *p; struct rb_node *n = rb_first(tree); if (!n)
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
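Review bot: In ploop_pb_get_first_req_from_tree(), the new declaration `struct ploop_request *p;` makes p an automatic variable with an indeterminate initial value, whereas the old static was zero-initialized. The code after `if (!n)` is not visible in this hunk, so please confirm that p is assigned on every path before it is read or returned, or initialize it at the declaration (`struct ploop_request *p = NULL;`) so that a missed path fails as a NULL dereference instead of using stack garbage. Since the commit message attributes the bug to a typo, it would also be worth checking the rest of push_backup.c for other function-local `static` pointers that hold per-device state, because any of them would allow the same cross-device sharing between threads.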
