On Wed, Aug 26, 2015 at 03:12:09PM -0700, Andrew Morton wrote: > From: Yiwen Jiang <jiangyi...@huawei.com> > Subject: ocfs2: avoid access invalid address when read o2dlm debug messages > > The following case will lead to a lockres is freed but is still in use. > > cat /sys/kernel/debug/o2dlm/locking_state dlm_thread > lockres_seq_start > -> lock dlm->track_lock > -> get resA > resA->refs decrease to 0, > call dlm_lockres_release, > and wait for "cat" unlock. > Although resA->refs is already set to 0, > increase resA->refs, and then unlock > lock dlm->track_lock > -> list_del_init() > -> unlock > -> free resA > > In such a race case, invalid address access may occurs. So we should > delete list res->tracking before resA->refs decrease to 0. > > > Signed-off-by: Yiwen Jiang <jiangyi...@huawei.com> > Reviewed-by: Joseph Qi <joseph...@huawei.com> > Cc: Joel Becker <jl...@evilplan.org> > Cc: Mark Fasheh <mfas...@suse.com> > Signed-off-by: Andrew Morton <a...@linux-foundation.org>
I _think_ this is now correct. Signed-off-by: Mark Fasheh <mfas...@suse.de> -- Mark Fasheh _______________________________________________ Ocfs2-devel mailing list Ocfs2-devel@oss.oracle.com https://oss.oracle.com/mailman/listinfo/ocfs2-devel
