[Cluster-devel] cluster/gfs-kernel/src/gfs ops_export.c ops_in ...
wcheng at sourceware.org
Tue Jun 5 18:15:52 UTC 2007
CVSROOT: /cvs/cluster
Module name: cluster
Changes by: wcheng at sourceware.org 2007-06-05 18:15:51
Modified files:
gfs-kernel/src/gfs: ops_export.c ops_inode.c
Log message:
Bugzilla 236565
Fix a race between GFS lookup code and VM cache reclaim logic kicked off
under memory pressure. At the end of the lookup, gfs releases the inode glock
prematurely. This creates a window inside the bottom portion of the logic
that could make gfs_iget update the associated GFS inode structure after it
has been freed. Depending on who gets the new memory, unspecified corruptions
occur.
In the case where this bug was found, it corrupts a TCP buffer head, which ends
up trashing the nfsd kernel stack.
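The ordering problem described in the log message, reduced to a small userspace model. This is an added example, not code from the cluster tree: toy_inode, glock_acquire/glock_release, reclaim_under_pressure, toy_iget and the two lookup variants are this example's own simplified stand-ins for the glock, the GFS inode and the gfs_iget call. Reclaim is modelled as dropping any inode that is neither locked nor referenced, and instead of really freeing memory it sets a flag, so the outcome is observable rather than undefined behaviour. lookup_buggy drops the lock before taking its reference, as the r1.10 code did; lookup_fixed takes the reference first, as r1.11 does.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model of a GFS inode. Not a GFS structure. */
struct toy_inode {
    int ino;
    int refcount;   /* references held by callers (what iget takes) */
    int locked;     /* 1 while the per-inode "glock" is held */
    int freed;      /* set by reclaim in place of a real free() */
};

static void glock_acquire(struct toy_inode *ip) { ip->locked = 1; }
static void glock_release(struct toy_inode *ip) { ip->locked = 0; }

/* Reclaim model: under memory pressure the cache may drop any inode that is
 * neither referenced nor locked. Returns 1 if it reclaimed the inode. */
static int reclaim_under_pressure(struct toy_inode *ip)
{
    if (ip->refcount == 0 && !ip->locked && !ip->freed) {
        ip->freed = 1;
        return 1;
    }
    return 0;
}

/* iget model: take a reference for the caller. Returning NULL here stands in
 * for what the kernel would really do, which is write into memory that now
 * belongs to someone else (the "TCP buffer head" of the log message). */
static struct toy_inode *toy_iget(struct toy_inode *ip)
{
    if (ip->freed)
        return NULL;
    ip->refcount++;
    return ip;
}

/* Order used before the fix: release the glock, then iget. The 'pressure'
 * flag injects reclaim into the window between the two steps. */
static struct toy_inode *lookup_buggy(struct toy_inode *ip, int pressure)
{
    glock_acquire(ip);
    /* ... lookup work done under the glock ... */
    glock_release(ip);
    if (pressure)
        reclaim_under_pressure(ip);   /* no ref, no lock: reclaimable */
    return toy_iget(ip);
}

/* Order used after the fix: iget while the glock is still held, then release. */
static struct toy_inode *lookup_fixed(struct toy_inode *ip, int pressure)
{
    struct toy_inode *inode;

    glock_acquire(ip);
    if (pressure)
        reclaim_under_pressure(ip);   /* refused: glock is held */
    inode = toy_iget(ip);             /* reference taken under the lock */
    glock_release(ip);
    if (pressure)
        reclaim_under_pressure(ip);   /* refused: refcount is now 1 */
    return inode;
}

/* Scenario helpers: each runs one lookup on a fresh inode and reports the outcome. */
static int buggy_hits_freed_inode(void)
{
    struct toy_inode ip = { .ino = 1 };
    return lookup_buggy(&ip, 1) == NULL && ip.freed;
}

static int fixed_survives_pressure(void)
{
    struct toy_inode ip = { .ino = 2 };
    return lookup_fixed(&ip, 1) == &ip && ip.refcount == 1 && !ip.freed;
}

static int buggy_without_pressure_ok(void)
{
    struct toy_inode ip = { .ino = 3 };
    return lookup_buggy(&ip, 0) == &ip && ip.refcount == 1;
}

int main(void)
{
    printf("old order, reclaim in window : %s\n",
           buggy_hits_freed_inode() ? "inode freed before iget" : "ok");
    printf("new order, reclaim in window : %s\n",
           fixed_survives_pressure() ? "ok" : "BUG");
    printf("old order, no pressure       : %s\n",
           buggy_without_pressure_ok() ? "ok (race is latent)" : "BUG");
    return 0;
}
```

The third scenario is the reason this kind of bug survives testing: without memory pressure landing in the window, the old order works every time, so the ordering of the lock release against the reference take is only visible by reading the code.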
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_export.c.diff?cvsroot=cluster&r1=1.10&r2=1.11
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_inode.c.diff?cvsroot=cluster&r1=1.16&r2=1.17
--- cluster/gfs-kernel/src/gfs/ops_export.c 2007/05/08 18:11:06 1.10
+++ cluster/gfs-kernel/src/gfs/ops_export.c 2007/06/05 18:15:51 1.11
@@ -368,11 +368,11 @@
atomic_inc(&sdp->sd_fh2dentry_misses);
out:
- gfs_glock_dq_uninit(&i_gh);
-
inode = gfs_iget(ip, CREATE);
gfs_inode_put(ip);
+ gfs_glock_dq_uninit(&i_gh);
+
if (!inode)
return ERR_PTR(-ENOMEM);
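Review bot: the reason gfs_glock_dq_uninit(&i_gh) now sits below gfs_iget()/gfs_inode_put() is recorded only in the log message, not in the code, and the old order read naturally enough that a later cleanup could move it back; a one-line comment at the new dq_uninit site, along the lines of `/* hold the inode glock until gfs_iget has its own reference (bz 236565) */`, would prevent that. Since gfs_iget(ip, CREATE) is now called with the glock still held through i_gh, it is also worth confirming that gfs_iget does not itself try to take that glock.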
--- cluster/gfs-kernel/src/gfs/ops_inode.c 2007/02/02 21:01:04 1.16
+++ cluster/gfs-kernel/src/gfs/ops_inode.c 2007/06/05 18:15:51 1.17
@@ -334,12 +334,12 @@
if (i_gh.gh_gl) {
ip = get_gl2ip(i_gh.gh_gl);
- gfs_glock_dq_uninit(&d_gh);
- gfs_glock_dq_uninit(&i_gh);
-
inode = gfs_iget(ip, CREATE);
gfs_inode_put(ip);
+ gfs_glock_dq_uninit(&d_gh);
+ gfs_glock_dq_uninit(&i_gh);
+
if (!inode)
return ERR_PTR(-ENOMEM);
} else
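Review bot: the log message only requires the inode glock (i_gh) to outlive gfs_iget(), but this hunk also keeps the directory glock d_gh held across gfs_iget()/gfs_inode_put(), which lengthens the time a concurrent operation on the parent directory is blocked. Unless gfs_iget needs d_gh for ordering reasons, `gfs_glock_dq_uninit(&d_gh);` could stay before gfs_iget() and only `gfs_glock_dq_uninit(&i_gh);` move below gfs_inode_put(); either way a comment on the required order would help, since the same reordering appears in ops_export.c.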