[dm-devel] [patch] dm-raid1.c fix a race bug in __rh_alloc()

Jonathan E Brassow jbrassow at redhat.com
Fri Jun 24 15:33:25 UTC 2005


I believe this also fixes Jun'ichi's issue ([dm-devel] [PATCH] 
2.6.12-rc6: fix __rh_alloc()/rh_update_states() race in dm-raid1.c)

  brassow

On Jun 16, 2005, at 9:21 PM, Zhao Qian wrote:

> After write_unlock_irq and just before read_lock, there's a small 
> window which enables a race causing deletion of the region struct in 
> function rh_update_states(). Then in rh_dec(), the __rh_lookup() will 
> return null, causing a kernel panic.
>
>
> [root at darkstar md]# diff -u dm-raid1.orig.c dm-raid1.c
> --- dm-raid1.orig.c     2005-06-16 14:17:04.000000000 +0800
> +++ dm-raid1.c  2005-06-17 10:02:04.000000000 +0800
> @@ -252,15 +252,16 @@
>
>         else {
>                 __rh_insert(rh, nreg);
> -               if (nreg->state == RH_CLEAN) {
> -                       spin_lock(&rh->region_lock);
> -                       list_add(&nreg->list, &rh->clean_regions);
> -                       spin_unlock(&rh->region_lock);
> -               }
>                 reg = nreg;
>         }
>         write_unlock_irq(&rh->hash_lock);
>         read_lock(&rh->hash_lock);
> +       if (reg->state == RH_CLEAN) {
> +               spin_lock(&rh->region_lock);
> +               if ( list_empty(&reg->list) )
> +                       list_add(&reg->list, &rh->clean_regions);
> +               spin_unlock(&rh->region_lock);
> +       }
>
>         return reg;
>  }
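
Review bot: The relocated block takes rh->region_lock with plain spin_lock() after write_unlock_irq(&rh->hash_lock), so the lock is now held with interrupts enabled, whereas the removed lines took it before that unlock. If region_lock is ever acquired from interrupt context this can deadlock; use spin_lock_irq()/spin_unlock_irq() here, or say in a comment why the plain variant is safe. The block also runs for a reg that came from the branch above the else, and reg is dereferenced only after the write_unlock_irq()/read_lock() gap, so for a region that is already on clean_regions the window named in the description is not closed by this hunk. The guard `if ( list_empty(&reg->list) )` depends on reg->list being initialised at allocation and on removals using list_del_init(), neither of which is visible here, so a short comment would help; kernel style also drops the spaces inside the parentheses.
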
>
> Sincerely,
>     Johnson <dujun at aaastor.com>
>     AiM9 <zhaoqian at aaastor.com>
>