[Devel] [PATCH rh7] cbt: fix possible race on alloc_page()
Maxim Patlasov
mpatlasov at virtuozzo.com
Mon May 23 16:58:23 PDT 2016
cbt_page_alloc() drops cbt->lock before calling alloc_page(),
then re-acquires it. It's safer to re-check that cbt->map[idx]
is still NULL after re-acquiring the lock.
Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
---
block/blk-cbt.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index 8ba52fb..14ad1a2 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -128,7 +128,12 @@ static int cbt_page_alloc(struct cbt_info **cbt_pp, unsigned long idx,
spin_unlock_irq(&cbt->lock);
return -ENOMEM;
}
- cbt->map[idx] = page;
+
+ if (likely(CBT_PAGE(cbt, idx) == NULL))
+ cbt->map[idx] = page;
+ else
+ __free_page(page);
+
page = NULL;
spin_unlock_irq(&cbt->lock);
More information about the Devel
mailing list