[DLM] fix a couple of races

Fix two races in fs/dlm/config.c: (1) Grab the configfs subsystem semaphore before calling config_group_find_obj() in get_space(). This solves a potential race between get_space() and concurrent mkdir(2) or rmdir(2). (2) Grab a reference on the found config_item _while_ holding the configfs subsystem semaphore in get_comm(), and not after it. This solves a potential race between get_comm() and concurrent rmdir(2). Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in> Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>

[DLM] fix a couple of races
Fix two races in fs/dlm/config.c: (1) Grab the configfs subsystem semaphore before calling config_group_find_obj() in get_space(). This solves a potential race between get_space() and concurrent mkdir(2) or rmdir(2). (2) Grab a reference on the found config_item _while_ holding the configfs subsystem semaphore in get_comm(), and not after it. This solves a potential race between get_comm() and concurrent rmdir(2). Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in> Signed-off-by: David Teigland <teigland@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Satyam Sharma · Steven Whitehouse
1 parent b524fe646c
Showing 1 changed file with 11 additions and 4 deletions Side-by-side Diff
fs/dlm/config.c
@@ -748,9 +748,16 @@
  
 static struct space *get_space(char *name)
 {
+	struct config_item *i;
+
 	if (!space_list)
 		return NULL;
-	return to_space(config_group_find_obj(space_list, name));
+
+	down(&space_list->cg_subsys->su_sem);
+	i = config_group_find_obj(space_list, name);
+	up(&space_list->cg_subsys->su_sem);
+
+	return to_space(i);
 }
  
 static void put_space(struct space *sp)
  
  
@@ -776,20 +783,20 @@
 			if (cm->nodeid != nodeid)
 				continue;
 			found = 1;
+			config_item_get(i);
 			break;
 		} else {
 			if (!cm->addr_count ||
 			    memcmp(cm->addr[0], addr, sizeof(*addr)))
 				continue;
 			found = 1;
+			config_item_get(i);
 			break;
 		}
 	}
 	up(&clusters_root.subsys.su_sem);
  
-	if (found)
-		config_item_get(i);
-	else
+	if (!found)
 		cm = NULL;
 	return cm;
 }
...	...	@@ -748,9 +748,16 @@
748	748
749	749	static struct space get_space(char name)
750	750	{
	751	+ struct config_item *i;
	752	+
751	753	if (!space_list)
752	754	return NULL;
753		- return to_space(config_group_find_obj(space_list, name));
	755	+
	756	+ down(&space_list->cg_subsys->su_sem);
	757	+ i = config_group_find_obj(space_list, name);
	758	+ up(&space_list->cg_subsys->su_sem);
	759	+
	760	+ return to_space(i);
754	761	}
755	762
756	763	static void put_space(struct space *sp)
757	764
758	765
...	...	@@ -776,20 +783,20 @@
776	783	if (cm->nodeid != nodeid)
777	784	continue;
778	785	found = 1;
	786	+ config_item_get(i);
779	787	break;
780	788	} else {
781	789	if (!cm->addr_count \|\|
782	790	memcmp(cm->addr[0], addr, sizeof(*addr)))
783	791	continue;
784	792	found = 1;
	793	+ config_item_get(i);
785	794	break;
786	795	}
787	796	}
788	797	up(&clusters_root.subsys.su_sem);
789	798
790		- if (found)
791		- config_item_get(i);
792		- else
	799	+ if (!found)
793	800	cm = NULL;
794	801	return cm;
795	802	}