    o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper · 99b8874e
    Srinivas Eeda authored
    A tiny race between BAST and unlock message causes the NULL dereference.
    
    A node sends an unlock request to master and receives a response.  Before
    processing the response it receives a BAST from the master.  Since both
    requests are processed by different threads it creates a race.  While the
    BAST is being processed, the lock can get freed by the unlock code.
    
    This patch makes the BAST return immediately if the lock is found but an
    unlock is pending.  The code should handle this race.  We also have to fix
    the master node to skip sending a BAST after receiving the unlock message.
    
    Below is the crash stack
    
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
        IP: o2dlm_blocking_ast_wrapper+0xd/0x16
        dlm_do_local_bast+0x8e/0x97 [ocfs2_dlm]
        dlm_proxy_ast_handler+0x838/0x87e [ocfs2_dlm]
        o2net_process_message+0x395/0x5b8 [ocfs2_nodemanager]
        o2net_rx_until_empty+0x762/0x90d [ocfs2_nodemanager]
        worker_thread+0x14d/0x1ed
    
    [akpm@linux-foundation.org: coding-style fixes]
    Signed-off-by: Srinivas Eeda <srinivas.eeda@oracle.com>
    Reviewed-by: Mark Fasheh <mfasheh@suse.de>
    Cc: Joel Becker <jlbec@evilplan.org>
    Cc: Joseph Qi <joseph.qi@huawei.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
dlmast.c 14.3 KB