From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932381AbbBBCyD (ORCPT ); Sun, 1 Feb 2015 21:54:03 -0500
Received: from linuxhacker.ru ([217.76.32.60]:59863 "EHLO fiona.linuxhacker.ru" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S932270AbbBBCxg (ORCPT ); Sun, 1 Feb 2015 21:53:36 -0500
From: green@linuxhacker.ru
To: Greg Kroah-Hartman , devel@driverdev.osuosl.org, Andreas Dilger
Cc: Linux Kernel Mailing List , Frank Zago , Oleg Drokin
Subject: [PATCH 16/20] staging/lustre/libcfs: protect kkuc_groups from write access
Date: Sun, 1 Feb 2015 21:52:15 -0500
Message-Id: <1422845539-26742-17-git-send-email-green@linuxhacker.ru>
X-Mailer: git-send-email 2.1.0
In-Reply-To: <1422845539-26742-1-git-send-email-green@linuxhacker.ru>
References: <1422845539-26742-1-git-send-email-green@linuxhacker.ru>
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Frank Zago

Since reg->kr_fp can be changed inside the foreach loop, kkuc_groups
must be write protected, and not just read protected.

This should fix the following oops, which could happen if two different
threads simultaneously execute the function, and EPIPE is returned.

    PID: 24385  TASK: ffff88012da5f500  CPU: 1  COMMAND: "ldlm_cb00_056"
     #0 [ffff88012db55810] machine_kexec at ffffffff81038f3b
     #1 [ffff88012db55870] crash_kexec at ffffffff810c59f2
     #2 [ffff88012db55940] oops_end at ffffffff8152b7f0
     #3 [ffff88012db55970] no_context at ffffffff8104a00b
     #4 [ffff88012db559c0] __bad_area_nosemaphore at ffffffff8104a295
     #5 [ffff88012db55a10] bad_area_nosemaphore at ffffffff8104a363
     #6 [ffff88012db55a20] __do_page_fault at ffffffff8104aabf
     #7 [ffff88012db55b40] do_page_fault at ffffffff8152d73e
     #8 [ffff88012db55b70] page_fault at ffffffff8152aaf5
        [exception RIP: fput+9]
        RIP: ffffffff8118a509  RSP: ffff88012db55c20  RFLAGS: 00010246
        RAX: 00000000ffffffe0  RBX: ffff8800a8ea4fc0  RCX: 0000000000000000
        RDX: ffffffffa03c9eb0  RSI: 0000000000000000  RDI: 0000000000000000
        RBP: ffff88012db55c20   R8: 00000000ffffff0a   R9: 00000000fffffffc
        R10: 0000000000000001  R11: 282064656c696166  R12: ffffffffa03c9c60
        R13: ffff88005df240f8  R14: 0000000000000000  R15: ffff88013b4ca000
        ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
     #9 [ffff88012db55c28] libcfs_kkuc_group_put at ffffffffa0388044 [libcfs] [ptlrpc]

Signed-off-by: frank zago
Reviewed-on: http://review.whamcloud.com/11355
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5458
Reviewed-by: Patrick Farrell
Reviewed-by: James Simmons
Reviewed-by: Dmitry Eremin
Signed-off-by: Oleg Drokin
--- drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c index e2aa637..d9b7c6b 100644 --- a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c 
+++ b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c @@ -228,12 +228,12 @@ int libcfs_kkuc_group_foreach(int group, libcfs_kkuc_cb_t cb_func, if (kkuc_groups[group].next == NULL) return 0; - down_read(&kg_sem); + down_write(&kg_sem); list_for_each_entry(reg, &kkuc_groups[group], kr_chain) { if (reg->kr_fp != NULL) rc = cb_func(reg->kr_data, cb_arg); } - up_read(&kg_sem); + up_write(&kg_sem); return rc; } -- 2.1.0
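
Review bot: the `kkuc_groups[group].next == NULL` test at the top of libcfs_kkuc_group_foreach() still runs before `down_write(&kg_sem)`, so the list head is read without the semaphore that is now being treated as the only guard for this group; if that check is meant to be covered too, move it below the `down_write()` and release the semaphore on the early-return path. Two further points on the same hunk. First, nothing in the loop body shows a write (it only tests `reg->kr_fp != NULL` and calls `cb_func`), so the write lock looks like a mistake to a later reader and is likely to be "optimized" back to `down_read()`; a one-line comment above `down_write(&kg_sem)` stating that the callback may modify `reg->kr_fp`, as the commit message explains, would prevent that. Second, `cb_func` now runs with `kg_sem` held exclusively, so every caller of this function is serialized for the duration of each callback and any callback that itself takes `kg_sem` would deadlock; it is worth confirming in the changelog that no registered callback does so and that none of them blocks for long.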