
[Cluster-devel] cluster/gfs-kernel/src/gfs ops_export.c ops_in ...



CVSROOT:	/cvs/cluster
Module name:	cluster
Changes by:	wcheng sourceware org	2007-06-05 18:15:51

Modified files:
	gfs-kernel/src/gfs: ops_export.c ops_inode.c 

Log message:
	Bugzilla 236565
	
	Fix a race between GFS lookup code and VM cache reclaim logic kicked off
	under memory pressure. At the end of the lookup, gfs releases inode glock
	prematurely.  This creates a window inside the bottom portion of logic
	that could make gfs_iget update the associated GFS inode structure that
	has been freed. Depending on who gets the new memory, unspecified corruptions
	occur.
	
	In the case where this bug is found, it corrupts TCP buffer head that ends
	up trashing nfsd kernel stack.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_export.c.diff?cvsroot=cluster&r1=1.10&r2=1.11
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_inode.c.diff?cvsroot=cluster&r1=1.16&r2=1.17

--- cluster/gfs-kernel/src/gfs/ops_export.c	2007/05/08 18:11:06	1.10
+++ cluster/gfs-kernel/src/gfs/ops_export.c	2007/06/05 18:15:51	1.11
@@ -368,11 +368,11 @@
 	atomic_inc(&sdp->sd_fh2dentry_misses);
 
  out:
-	gfs_glock_dq_uninit(&i_gh);
-
 	inode = gfs_iget(ip, CREATE);
 	gfs_inode_put(ip);
 
+	gfs_glock_dq_uninit(&i_gh);
+
 	if (!inode)
 		return ERR_PTR(-ENOMEM);
 
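Review bot: The ordering requirement at the `out:` label is not documented in the code: nothing next to `inode = gfs_iget(ip, CREATE);` says that `i_gh` must still be held there, so a later cleanup could move `gfs_glock_dq_uninit(&i_gh)` back above it and reopen the window the log message describes. Please add a short comment above the `gfs_iget` call stating that the inode glock has to stay held until `gfs_iget` and `gfs_inode_put` have finished, with a pointer to Bugzilla 236565. The placement before `if (!inode)` looks right, since the holder is released on the `-ENOMEM` return as well.
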
--- cluster/gfs-kernel/src/gfs/ops_inode.c	2007/02/02 21:01:04	1.16
+++ cluster/gfs-kernel/src/gfs/ops_inode.c	2007/06/05 18:15:51	1.17
@@ -334,12 +334,12 @@
 	if (i_gh.gh_gl) {
 		ip = get_gl2ip(i_gh.gh_gl);
 
-		gfs_glock_dq_uninit(&d_gh);
-		gfs_glock_dq_uninit(&i_gh);
-
 		inode = gfs_iget(ip, CREATE);
 		gfs_inode_put(ip);
 
+		gfs_glock_dq_uninit(&d_gh);
+		gfs_glock_dq_uninit(&i_gh);
+
 		if (!inode)
 			return ERR_PTR(-ENOMEM);
 	} else
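
Review bot: The log message justifies holding only the inode glock across `gfs_iget`, yet inside the `if (i_gh.gh_gl)` branch the release of `d_gh` is delayed as well, which lengthens the time that holder is kept. Please state in a comment or in the log whether `d_gh` also has to be held over `gfs_iget(ip, CREATE)` and `gfs_inode_put(ip)`; if it does not, consider leaving `gfs_glock_dq_uninit(&d_gh)` where it was and moving only the `i_gh` release. As in ops_export.c, a one-line comment above `gfs_iget` naming the ordering constraint would protect the fix from being undone later.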

