From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Bob Peterson <rpeterso@redhat.com>,
Andreas Gruenbacher <agruenba@redhat.com>
Subject: [PATCH 4.4 85/93] gfs2: Dont skip dlm unlock if glock has an lvb
Date: Mon, 1 Mar 2021 17:13:37 +0100 [thread overview]
Message-ID: <20210301161011.045363333@linuxfoundation.org> (raw)
In-Reply-To: <20210301161006.881950696@linuxfoundation.org>
From: Bob Peterson <rpeterso@redhat.com>
commit 78178ca844f0eb88f21f31c7fde969384be4c901 upstream.
Patch fb6791d100d1 was designed to allow gfs2 to unmount quicker by
skipping the step where it tells dlm to unlock glocks in EX with lvbs.
This was done because when gfs2 unmounts a file system, it destroys the
dlm lockspace shortly after it destroys the glocks so it doesn't need to
unlock them all: the unlock is implied when the lockspace is destroyed
by dlm.
However, that patch introduced a use-after-free in dlm: as part of its
normal dlm_recoverd process, it can call ls_recovery to recover dead
locks. In so doing, it can call recover_rsbs which calls recover_lvb for
any mastered rsbs. Func recover_lvb runs through the list of lkbs queued
to the given rsb (if the glock is cached but unlocked, it will still be
queued to the lkb, but in NL--Unlocked--mode) and if it has an lvb,
copies it to the rsb, thus trying to preserve the lkb. However, when
gfs2 skips the dlm unlock step, it frees the glock and its lvb, which
means dlm's function recover_lvb references the now freed lvb pointer,
copying the freed lvb memory to the rsb.
This patch changes the check in gdlm_put_lock so that it calls
dlm_unlock for all glocks that contain an lvb pointer.
Fixes: fb6791d100d1 ("GFS2: skip dlm_unlock calls in unmount")
Cc: stable@vger.kernel.org # v3.8+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/lock_dlm.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/fs/gfs2/lock_dlm.c
+++ b/fs/gfs2/lock_dlm.c
@@ -284,7 +284,6 @@ static void gdlm_put_lock(struct gfs2_gl
{
struct gfs2_sbd *sdp = gl->gl_name.ln_sbd;
struct lm_lockstruct *ls = &sdp->sd_lockstruct;
- int lvb_needs_unlock = 0;
int error;
if (gl->gl_lksb.sb_lkid == 0) {
@@ -297,13 +296,10 @@ static void gdlm_put_lock(struct gfs2_gl
gfs2_sbstats_inc(gl, GFS2_LKS_DCOUNT);
gfs2_update_request_times(gl);
- /* don't want to skip dlm_unlock writing the lvb when lock is ex */
-
- if (gl->gl_lksb.sb_lvbptr && (gl->gl_state == LM_ST_EXCLUSIVE))
- lvb_needs_unlock = 1;
+ /* don't want to skip dlm_unlock writing the lvb when lock has one */
if (test_bit(SDF_SKIP_DLM_UNLOCK, &sdp->sd_flags) &&
- !lvb_needs_unlock) {
+ !gl->gl_lksb.sb_lvbptr) {
gfs2_glock_free(gl);
return;
}
next prev parent reply other threads:[~2021-03-01 17:08 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-01 16:12 [PATCH 4.4 00/93] 4.4.259-rc1 review Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 01/93] HID: make arrays usage and value to be the same Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 02/93] usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 03/93] xen-netback: delete NAPI instance when queue fails to initialize Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 04/93] ntfs: check for valid standard information attribute Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 05/93] igb: Remove incorrect "unexpected SYS WRAP" log message Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 06/93] scripts/recordmcount.pl: support big endian for ARCH sh Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 07/93] kdb: Make memory allocations more robust Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 08/93] MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 09/93] Bluetooth: Fix initializing response id after clearing struct Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 10/93] ARM: dts: exynos: correct PMIC interrupt trigger level on Spring Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 11/93] ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 12/93] Bluetooth: drop HCI device reference before return Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 13/93] Bluetooth: Put HCI device if inquiry procedure interrupts Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 14/93] usb: dwc2: Abort transaction after errors with unknown reason Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 15/93] usb: dwc2: Make "trimming xfer length" a debug message Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 16/93] ARM: s3c: fix fiq for clang IAS Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 17/93] bnxt_en: reverse order of TX disable and carrier off Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 18/93] xen/netback: fix spurious event detection for common event case Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 19/93] b43: N-PHY: Fix the update of coef for the PHY revision >= 3case Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 20/93] fbdev: aty: SPARC64 requires FB_ATY_CT Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 21/93] drm/gma500: Fix error return code in psb_driver_load() Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 22/93] gma500: clean up error handling in init Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 23/93] MIPS: c-r4k: Fix section mismatch for loongson2_sc_init Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 24/93] MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 25/93] media: media/pci: Fix memleak in empress_init Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 26/93] media: tm6000: Fix memleak in tm6000_start_stream Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 27/93] ASoC: cs42l56: fix up error handling in probe Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 28/93] media: lmedm04: Fix misuse of comma Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 29/93] media: cx25821: Fix a bug when reallocating some dma memory Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 30/93] media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 31/93] btrfs: clarify error returns values in __load_free_space_cache Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 32/93] fs/jfs: fix potential integer overflow on shift of a int Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 33/93] jffs2: fix use after free in jffs2_sum_write_data() Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 34/93] clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 35/93] HID: core: detect and skip invalid inputs to snto32() Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 36/93] dmaengine: fsldma: Fix a resource leak in the remove function Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 37/93] dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 38/93] clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 39/93] regulator: axp20x: Fix reference cout leak Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 40/93] isofs: release buffer head before return Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 41/93] IB/umad: Return EIO in case of when device disassociated Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 42/93] powerpc/47x: Disable 256k page size Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 43/93] mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 44/93] ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 45/93] amba: Fix resource leak for drivers without .remove Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 46/93] tracepoint: Do not fail unregistering a probe due to memory failure Greg Kroah-Hartman
2021-03-01 16:12 ` [PATCH 4.4 47/93] mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 48/93] powerpc/pseries/dlpar: handle ibm, configure-connector delay status Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 49/93] perf intel-pt: Fix missing CYC processing in PSB Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 50/93] perf test: Fix unaligned access in sample parsing test Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 51/93] Input: elo - fix an error code in elo_connect() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 52/93] sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 53/93] misc: eeprom_93xx46: Fix module alias to enable module autoprobe Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 54/93] misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 55/93] VMCI: Use set_page_dirty_lock() when unregistering guest memory Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 56/93] PCI: Align checking of syscall user config accessors Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 57/93] Take mmap lock in cacheflush syscall Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 58/93] mm/memory.c: fix potential pte_unmap_unlock pte error Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 59/93] mm/hugetlb: fix potential double free in hugetlb_register_node() error path Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 60/93] i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 61/93] scsi: bnx2fc: Fix Kconfig warning & CNIC build errors Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 62/93] block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h> Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 63/93] blk-settings: align max_sectors on "logical_block_size" boundary Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 64/93] Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 65/93] Input: joydev - prevent potential read overflow in ioctl Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 66/93] Input: i8042 - add ASUS Zenbook Flip to noselftest list Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 67/93] USB: serial: option: update interface mapping for ZTE P685M Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 68/93] USB: serial: mos7840: fix error code in mos7840_write() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 69/93] USB: serial: mos7720: fix error code in mos7720_write() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 70/93] usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 71/93] usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 72/93] KEYS: trusted: Fix migratable=1 failing Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 73/93] btrfs: fix reloc root leak with 0 ref reloc roots on recovery Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 74/93] drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 75/93] staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 76/93] x86/reboot: Force all cpus to exit VMX root if VMX is supported Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 77/93] floppy: reintroduce O_NDELAY fix Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 78/93] mm: hugetlb: fix a race between freeing and dissolving the page Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 79/93] usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 80/93] libnvdimm/dimm: Avoid race between probe and available_slots_show() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 81/93] module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 82/93] gpio: pcf857x: Fix missing first interrupt Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 83/93] f2fs: fix out-of-repair __setattr_copy() Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 84/93] sparc32: fix a user-triggerable oops in clear_user() Greg Kroah-Hartman
2021-03-01 16:13 ` Greg Kroah-Hartman [this message]
2021-03-01 16:13 ` [PATCH 4.4 86/93] dm era: Recover committed writeset after crash Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 87/93] dm era: Verify the data block size hasnt changed Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 88/93] dm era: Fix bitset memory leaks Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 89/93] dm era: Use correct value size in equality function of writeset tree Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 90/93] dm era: Reinitialize bitset cache before digesting a new writeset Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 91/93] dm era: only resize metadata in preresume Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 92/93] futex: Fix OWNER_DEAD fixup Greg Kroah-Hartman
2021-03-01 16:13 ` [PATCH 4.4 93/93] dm era: Update in-core bitset after committing the metadata Greg Kroah-Hartman
2021-03-01 21:16 ` [PATCH 4.4 00/93] 4.4.259-rc1 review Pavel Machek
2021-03-01 21:45 ` Shuah Khan
2021-03-02 15:52 ` Naresh Kamboju
2021-03-02 18:40 ` Guenter Roeck
2021-03-02 19:02 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210301161011.045363333@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=agruenba@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rpeterso@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).