Re: [PATCH] Fix potential OOPS in generic_setlease()

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Pavel Emelyanov <xemul@...>

To: J. Bruce Fields <bfields@...>

Cc: Andrew Morton <akpm@...>, Linux Kernel Mailing List <linux-kernel@...>, <devel@...>

Subject: Re: [PATCH] Fix potential OOPS in generic_setlease()

Date: Thursday, September 20, 2007 - 4:38 am

J. Bruce Fields wrote:
quoted text> On Wed, Sep 19, 2007 at 06:26:05PM +0400, Pavel Emelyanov wrote:
>> This code is run under lock_kernel(), which is dropped during
>> sleeping operations, so the following race is possible:
>>
>> CPU1:                                CPU2:
>>   vfs_setlease();                    vfs_setlease();
>>   lock_kernel();
>>                                      lock_kernel(); /* spin */
>>   generic_setlease():
>>     ...
>>     for (before = ...)
>>     /* here we found some lease after
>>      * which we will insert the new one
>>      */
>>     fl = locks_alloc_lock();
>>     /* go to sleep in this allocation and
>>      * drop the BKL
>>      */
>>                                      generic_setlease():
>>                                        ...
>>                                        for (before = ...)
>>                                        /* here we find the "before" pointing
>>                                         * at the one we found on CPU1
>>                                         */
>>                                       ->fl_change(my_before, arg);
>>                                               lease_modify();
>>                                                      locks_free_lock();
>>                                                      /* and we freed it */
>>                                      ...
>>                                      unlock_kernel();
>>    locks_insert_lock(before, fl);
>>    /* OOPS! We have just tried to add the lease
>>     * at the tail of already removed one
>>     */
> 
> Thanks for spotting this!
> 
> But--careful-- it looks like "fl" is also used as a temporary variable
> in a loop between the new and old location of that allocation.  Isn't
> that a bug?

OOPS! Good catch, thanks. I will resend the patch shortly.
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] Fix potential OOPS in generic_setlease(), Pavel Emelyanov, (Wed Sep 19, 10:26 am)

Re: [PATCH] Fix potential OOPS in generic_setlease(), J. Bruce Fields, (Wed Sep 19, 3:30 pm)

Re: [PATCH] Fix potential OOPS in generic_setlease(), Pavel Emelyanov, (Thu Sep 20, 4:38 am)

Navigation

Popular discussions


linux-kernel:
Andrea Arcangeli	[PATCH 00 of 12] mmu notifier #v13
Eric W. Biederman	Remaining straight forward kthread API conversions...
Eric Paris	Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scan...
Trond Myklebust	Re: Announce: Linux-next (Or Andrew's dream :-))
git:

linux-netdev:
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
David Miller	[GIT]: Networking
Herbert Xu	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Alexey Dobriyan	[PATCH 04/33] Fix {ip,6}_route_me_harder() in netns
openbsd-misc:

Colocation donated by:

Online users

Syndicate