[Cluster-devel] cluster/gfs-kernel/src/gfs ops_export.c ops_in ...
wcheng at sourceware.org
Tue Jun 5 18:43:53 UTC 2007
CVSROOT: /cvs/cluster
Module name: cluster
Branch: RHEL4
Changes by: wcheng at sourceware.org 2007-06-05 18:43:53
Modified files:
gfs-kernel/src/gfs: ops_export.c ops_inode.c
Log message:
Bugzilla 242720
Fix a race between GFS lookup code and VM cache reclaim logic kicked off
under memory pressure. At the end of the lookup, gfs releases the inode glock
prematurely. This creates a window inside the bottom portion of the logic
that could make gfs_iget update the associated GFS inode memory that
has been freed. Depending on who gets the new memory, unspecified corruptions
occur.
In the case where this bug is found (RHEL5 bugzilla 236565), it corrupts a
TCP buffer head that ends up trashing the nfsd kernel stack.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_export.c.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.3.2.4&r2=1.3.2.5
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_inode.c.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.6.2.6&r2=1.6.2.7
--- cluster/gfs-kernel/src/gfs/ops_export.c 2007/02/13 05:40:59 1.3.2.4
+++ cluster/gfs-kernel/src/gfs/ops_export.c 2007/06/05 18:43:53 1.3.2.5
@@ -364,11 +364,11 @@
goto fail;
out:
- gfs_glock_dq_uninit(&i_gh);
-
inode = gfs_iget(ip, CREATE);
gfs_inode_put(ip);
+ gfs_glock_dq_uninit(&i_gh);
+
if (!inode)
return ERR_PTR(-ENOMEM);
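Review bot: the reordering is not explained in the code, so add a comment above the moved gfs_glock_dq_uninit(&i_gh) stating that i_gh must stay held until gfs_iget() has returned and gfs_inode_put(ip) has run, otherwise reclaim can free the GFS inode underneath gfs_iget(); without that comment the two lines look like they could harmlessly be moved back to the top of out:. Also worth confirming in review that the gfs_iget(ip, CREATE) allocation path never tries to take the same glock now that it runs with i_gh held, and that the fail label reached by the "goto fail" just above still drops i_gh on its own path, since this hunk only changes the success path.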
--- cluster/gfs-kernel/src/gfs/ops_inode.c 2007/02/14 23:15:44 1.6.2.6
+++ cluster/gfs-kernel/src/gfs/ops_inode.c 2007/06/05 18:43:53 1.6.2.7
@@ -324,12 +324,12 @@
if (i_gh.gh_gl) {
ip = gl2ip(i_gh.gh_gl);
- gfs_glock_dq_uninit(&d_gh);
- gfs_glock_dq_uninit(&i_gh);
-
inode = gfs_iget(ip, CREATE);
gfs_inode_put(ip);
+ gfs_glock_dq_uninit(&d_gh);
+ gfs_glock_dq_uninit(&i_gh);
+
if (!inode)
return ERR_PTR(-ENOMEM);
} else
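Review bot: this hunk now holds both d_gh (the directory glock) and i_gh across gfs_iget(), but the commit message only argues for the inode glock; if d_gh is not needed to keep ip alive, consider dropping d_gh first and keeping only i_gh held over gfs_iget(), so the directory stays locked for no longer than necessary and the two call sites (this one and ops_export.c) follow the same pattern. Either way, a one-line comment above the moved gfs_glock_dq_uninit() calls explaining that the glocks pin the inode against reclaim until gfs_inode_put(ip) is done would keep the ordering from being reverted later; the "} else" branch is outside the hunk, so it is worth checking that its path does not have the same release-before-gfs_iget ordering.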