[Devel] [PATCH RHEL8 COMMIT] kmapset: lost map->size update in kmapset_del_value()
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Mar 30 17:24:28 MSK 2021
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.10
------>
commit 297ba43ecd06302f3077c997e93e7cad5916f8b8
Author: Vasily Averin <vvs at virtuozzo.com>
Date: Fri Mar 26 12:47:10 2021 +0300
kmapset: lost map->size update in kmapset_del_value()
If map->size is not properly updated
kmapset_cmp() can crash on access to non-exisitng links.
https://jira.sw.ru/browse/PSBM-127478
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
khorenko@: reordered "map->size--;" and "kfree_rcu(link, rcu_head);"
in kmapset_del_value() to keep the same order as in kmapset_unlink().
As both operations are under same lock, it does not change the logic,
just makes the code cleaner.
---
lib/kmapset.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/kmapset.c b/lib/kmapset.c
index 89222d237785..d9ef93de1982 100644
--- a/lib/kmapset.c
+++ b/lib/kmapset.c
@@ -303,6 +303,7 @@ bool kmapset_del_value(struct kmapset_map *map, struct kmapset_key *key)
if (link) {
hlist_del_rcu(&link->map_link);
hlist_del(&link->key_link);
+ map->size--;
kfree_rcu(link, rcu_head);
ret = true;
}
More information about the Devel
mailing list