• Btrfs: fix use-after-free problem of the device during device replace · 67a2c45e
    Miao Xie authored
    The problem is:
    	Task0(device scan task)		Task1(device replace task)
    	scan_one_device()
    	mutex_lock(&uuid_mutex)
    	device = find_device()
    					mutex_lock(&device_list_mutex)
    					lock_chunk()
    					rm_and_free_source_device
    					unlock_chunk()
    					mutex_unlock(&device_list_mutex)
    	check device
    
    Destroying the target device if device replace fails also has the same problem.
    
    We fix this problem by locking uuid_mutex during destroying source device or
    target device, just like the device remove operation.
    
    It is a temporary solution, we can fix this problem and make the code more
    clear by atomic counter in the future.
    Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
    Signed-off-by: Chris Mason <clm@fb.com>
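
The interleaving from the commit message above, replayed as a single-threaded user-space model in C. This is an added example, not code from the commit or the Btrfs source: the lock model and the names `try_lock`, `replace_destroy` and `scan_touches_freed` are hypothetical, a failed `try_lock` stands in for a task sleeping on the mutex, and a `freed` flag stands in for the actual free.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model of the race; not kernel code. */
enum { UNLOCKED, SCAN_TASK, REPLACE_TASK };
struct mutex  { int owner; };
struct device { bool freed; };

/* A failed try_lock stands in for a task sleeping on the mutex. */
static bool try_lock(struct mutex *m, int task)
{
    if (m->owner != UNLOCKED) return false;
    m->owner = task;
    return true;
}
static void unlock(struct mutex *m) { m->owner = UNLOCKED; }

/* Task1: destroy the source device. With the fix it also needs uuid_mutex. */
static bool replace_destroy(struct mutex *uuid, struct mutex *list,
                            struct device *dev, bool fixed)
{
    if (fixed && !try_lock(uuid, REPLACE_TASK))
        return false;               /* blocked behind the scan task */
    try_lock(list, REPLACE_TASK);   /* mutex_lock(&device_list_mutex) */
    dev->freed = true;              /* rm_and_free_source_device */
    unlock(list);
    if (fixed) unlock(uuid);
    return true;
}

/* Returns true if Task0's "check device" touched an already-freed device. */
bool scan_touches_freed(bool fixed)
{
    struct mutex uuid = { UNLOCKED }, list = { UNLOCKED };
    struct device dev = { false }, *found;
    bool stale, ran;
    try_lock(&uuid, SCAN_TASK);                       /* Task0: uuid_mutex */
    found = &dev;                                     /* find_device() */
    ran = replace_destroy(&uuid, &list, &dev, fixed); /* Task1 scheduled */
    stale = found->freed;                             /* Task0: check device */
    unlock(&uuid);
    if (!ran) replace_destroy(&uuid, &list, &dev, fixed); /* Task1 resumes */
    return stale;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", scan_touches_freed(false), scan_touches_freed(true));
    return 0;
}
```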
dev-replace.c 29.3 KB