ocfs2: Concurrent access of o2hb_region->hr_task was not locked

This means that a build-up and a teardown could race which would result in a double-kthread_stop(). Protect the setting and clearing of hr_task with o2hb_live_lock, as it's not a common thing and not performance critical. Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>

ocfs2: Concurrent access of o2hb_region->hr_task was not locked
This means that a build-up and a teardown could race which would result in a double-kthread_stop(). Protect the setting and clearing of hr_task with o2hb_live_lock, as it's not a common thing and not performance critical. Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
e6c352db · Joel Becker · Mark Fasheh · c24f72cc · e6c352db
Commit e6c352db authored Feb 03, 2007 by Joel Becker Committed by Mark Fasheh Mar 14, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 12 deletions

fs/ocfs2/cluster/heartbeat.c fs/ocfs2/cluster/heartbeat.c +32 -12

No files found.
--- a/fs/ocfs2/cluster/heartbeat.c
+++ b/fs/ocfs2/cluster/heartbeat.c
@@ -1234,6 +1234,7 @@ static ssize_t o2hb_region_dev_write(struct o2hb_region *reg,
 				     const char *page,
 				     size_t count)
 {
+	struct task_struct *hb_task;
 	long fd;
 	int sectsize;
 	char *p = (char *)page;
@@ -1319,20 +1320,28 @@ static ssize_t o2hb_region_dev_write(struct o2hb_region *reg,
 	 */
 	atomic_set(&reg->hr_steady_iterations, O2HB_LIVE_THRESHOLD + 1);
-	reg->hr_task = kthread_run(o2hb_thread, reg, "o2hb-%s",
+	hb_task = kthread_run(o2hb_thread, reg, "o2hb-%s",
-				   reg->hr_item.ci_name);
+			      reg->hr_item.ci_name);
-	if (IS_ERR(reg->hr_task)) {
+	if (IS_ERR(hb_task)) {
-		ret = PTR_ERR(reg->hr_task);
+		ret = PTR_ERR(hb_task);
 		mlog_errno(ret);
-		reg->hr_task = NULL;
 		goto out;
 	}
+	spin_lock(&o2hb_live_lock);
+	reg->hr_task = hb_task;
+	spin_unlock(&o2hb_live_lock);
 	ret = wait_event_interruptible(o2hb_steady_queue,
 				atomic_read(&reg->hr_steady_iterations) == 0);
 	if (ret) {
-		kthread_stop(reg->hr_task);
+		spin_lock(&o2hb_live_lock);
+		hb_task = reg->hr_task;
 		reg->hr_task = NULL;
+		spin_unlock(&o2hb_live_lock);
+		if (hb_task)
+			kthread_stop(hb_task);
 		goto out;
 	}
@@ -1354,10 +1363,17 @@ static ssize_t o2hb_region_dev_write(struct o2hb_region *reg,
 static ssize_t o2hb_region_pid_read(struct o2hb_region *reg,
                                      char *page)
 {
-	if (!reg->hr_task)
+	pid_t pid = 0;
+	spin_lock(&o2hb_live_lock);
+	if (reg->hr_task)
+		pid = reg->hr_task->pid;
+	spin_unlock(&o2hb_live_lock);
+	if (!pid)
 		return 0;
-	return sprintf(page, "%u\n", reg->hr_task->pid);
+	return sprintf(page, "%u\n", pid);
 }
 struct o2hb_region_attribute {
@@ -1495,13 +1511,17 @@ static struct config_item *o2hb_heartbeat_group_make_item(struct config_group *g
 static void o2hb_heartbeat_group_drop_item(struct config_group *group,
 					   struct config_item *item)
 {
+	struct task_struct *hb_task;
 	struct o2hb_region *reg = to_o2hb_region(item);
 	/* stop the thread when the user removes the region dir */
-	if (reg->hr_task) {
+	spin_lock(&o2hb_live_lock);
-		kthread_stop(reg->hr_task);
+	hb_task = reg->hr_task;
-		reg->hr_task = NULL;
+	reg->hr_task = NULL;
-	}
+	spin_unlock(&o2hb_live_lock);
+	if (hb_task)
+		kthread_stop(hb_task);
 	config_item_put(item);
 }