summaryrefslogtreecommitdiffstats
path: root/net/core
diff options
context:
space:
mode:
authorYiwen Jiang <jiangyiwen@huawei.com>2015-09-05 00:44:37 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2015-09-05 01:54:41 +0200
commitf57a22ddecd6f26040a67e2c12880f98f88b6e00 (patch)
treed83dbca8f8bdd0e918addfd21f529f483734fc4e /net/core
parentocfs2: take inode lock in ocfs2_iop_set/get_acl() (diff)
downloadlinux-f57a22ddecd6f26040a67e2c12880f98f88b6e00.tar.xz
linux-f57a22ddecd6f26040a67e2c12880f98f88b6e00.zip
ocfs2: avoid access invalid address when read o2dlm debug messages
The following case will lead to a lockres is freed but is still in use. cat /sys/kernel/debug/o2dlm/locking_state dlm_thread lockres_seq_start -> lock dlm->track_lock -> get resA resA->refs decrease to 0, call dlm_lockres_release, and wait for "cat" unlock. Although resA->refs is already set to 0, increase resA->refs, and then unlock lock dlm->track_lock -> list_del_init() -> unlock -> free resA In such a race case, invalid address access may occurs. So we should delete list res->tracking before resA->refs decrease to 0. Signed-off-by: Yiwen Jiang <jiangyiwen@huawei.com> Reviewed-by: Joseph Qi <joseph.qi@huawei.com> Cc: Joel Becker <jlbec@evilplan.org> Signed-off-by: Mark Fasheh <mfasheh@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net/core')
0 files changed, 0 insertions, 0 deletions