[Devel] [PATCH rh7] cbt: fix possible race on alloc_page()
Dmitry Monakhov
dmonakhov at openvz.org
Wed May 25 04:08:15 PDT 2016
Maxim Patlasov <mpatlasov at virtuozzo.com> writes:
> cbt_page_alloc() drops cbt->lock before calling alloc_page(),
> then re-acquires it. It's safer to re-check that cbt->map[idx]
> is still NULL after re-acquiring the lock.
>
> Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
Indeed. Ack.
> ---
> block/blk-cbt.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/block/blk-cbt.c b/block/blk-cbt.c
> index 8ba52fb..14ad1a2 100644
> --- a/block/blk-cbt.c
> +++ b/block/blk-cbt.c
> @@ -128,7 +128,12 @@ static int cbt_page_alloc(struct cbt_info **cbt_pp, unsigned long idx,
> spin_unlock_irq(&cbt->lock);
> return -ENOMEM;
> }
> - cbt->map[idx] = page;
> +
> + if (likely(CBT_PAGE(cbt, idx) == NULL))
> + cbt->map[idx] = page;
> + else
> + __free_page(page);
> +
> page = NULL;
> spin_unlock_irq(&cbt->lock);
>
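Review bot: The re-check in the added `if` reads the slot through `CBT_PAGE(cbt, idx)` while the store on the next line writes `cbt->map[idx]` directly, so the test and the assignment only agree if the macro is a plain lookup of that same array slot. Use the same form for both, and add a one-line comment above the check saying that cbt->lock was dropped around alloc_page(), so another context may already have populated the slot; without it the `else __free_page(page);` branch looks like dead code to a later reader. The `__free_page(page)` call also runs with the lock held and interrupts disabled; that is harmless on this unlikely path, but the free could be done after `spin_unlock_irq(&cbt->lock)` to keep the critical section minimal.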