Commit d1ae006b authored Aug 15, 2022 by Alexander Aring Committed by Greg Kroah-Hartman Oct 26, 2022

fs: dlm: fix race between test_bit() and queue_work()



commit eef6ec9bf390e836a6c4029f3620fe49528aa1fe upstream.

This patch fixes a race by using ls_cb_mutex around the bit
operations and conditional code blocks for LSFL_CB_DELAY.

The function dlm_callback_stop() expects to stop all callbacks and
flush all currently queued onces. The set_bit() is not enough because
there can still be queue_work() after the workqueue was flushed.
To avoid queue_work() after set_bit(), surround both by ls_cb_mutex.

Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 6aeb500b

fs/dlm/ast.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -200,13 +200,13 @@ void dlm_add_cb(struct dlm_lkb *lkb, uint32_t flags, int mode, int status,
		if (!prev_seq) {
		kref_get(&lkb->lkb_ref);

		if (test_bit(LSFL_CB_DELAY, &ls->ls_flags)) {
		mutex_lock(&ls->ls_cb_mutex);
		if (test_bit(LSFL_CB_DELAY, &ls->ls_flags)) {
		list_add(&lkb->lkb_cb_list, &ls->ls_cb_delay);
		mutex_unlock(&ls->ls_cb_mutex);
		} else {
		queue_work(ls->ls_callback_wq, &lkb->lkb_cb_work);
		}
		mutex_unlock(&ls->ls_cb_mutex);
		}
		out:
		mutex_unlock(&lkb->lkb_cb_mutex);
		@@ -286,7 +286,9 @@ void dlm_callback_stop(struct dlm_ls *ls)

		void dlm_callback_suspend(struct dlm_ls *ls)
		{
		mutex_lock(&ls->ls_cb_mutex);
		set_bit(LSFL_CB_DELAY, &ls->ls_flags);
		mutex_unlock(&ls->ls_cb_mutex);

		if (ls->ls_callback_wq)
		flush_workqueue(ls->ls_callback_wq);