Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e6c352db authored by Joel Becker's avatar Joel Becker Committed by Mark Fasheh
Browse files

ocfs2: Concurrent access of o2hb_region->hr_task was not locked 



This means that a build-up and a teardown could race which would result in a
double-kthread_stop().

Protect the setting and clearing of hr_task with o2hb_live_lock, as it's not
a common thing and not performance critical.

Signed-off-by: default avatarJoel Becker <joel.becker@oracle.com>
Signed-off-by: default avatarMark Fasheh <mark.fasheh@oracle.com>
parent c24f72cc

fs/ocfs2/cluster/heartbeat.c

+32 −12
Original line number Diff line number Diff line
@@ -1234,6 +1234,7 @@ static ssize_t o2hb_region_dev_write(struct o2hb_region *reg, 
				     const char *page,

				     size_t count)

{

	struct task_struct *hb_task;

	long fd;

	int sectsize;

	char *p = (char *)page;
@@ -1319,20 +1320,28 @@ static ssize_t o2hb_region_dev_write(struct o2hb_region *reg, 
	 */

	atomic_set(&reg->hr_steady_iterations, O2HB_LIVE_THRESHOLD + 1);



	reg->hr_task = kthread_run(o2hb_thread, reg, "o2hb-%s",

	hb_task = kthread_run(o2hb_thread, reg, "o2hb-%s",

			      reg->hr_item.ci_name);

	if (IS_ERR(reg->hr_task)) {

		ret = PTR_ERR(reg->hr_task);

	if (IS_ERR(hb_task)) {

		ret = PTR_ERR(hb_task);

		mlog_errno(ret);

		reg->hr_task = NULL;

		goto out;

	}



	spin_lock(&o2hb_live_lock);

	reg->hr_task = hb_task;

	spin_unlock(&o2hb_live_lock);



	ret = wait_event_interruptible(o2hb_steady_queue,

				atomic_read(&reg->hr_steady_iterations) == 0);

	if (ret) {

		kthread_stop(reg->hr_task);

		spin_lock(&o2hb_live_lock);

		hb_task = reg->hr_task;

		reg->hr_task = NULL;

		spin_unlock(&o2hb_live_lock);



		if (hb_task)

			kthread_stop(hb_task);

		goto out;

	}
@@ -1354,10 +1363,17 @@ static ssize_t o2hb_region_dev_write(struct o2hb_region *reg, 
static ssize_t o2hb_region_pid_read(struct o2hb_region *reg,

                                      char *page)

{

	if (!reg->hr_task)

	pid_t pid = 0;



	spin_lock(&o2hb_live_lock);

	if (reg->hr_task)

		pid = reg->hr_task->pid;

	spin_unlock(&o2hb_live_lock);



	if (!pid)

		return 0;



	return sprintf(page, "%u\n", reg->hr_task->pid);

	return sprintf(page, "%u\n", pid);

}



struct o2hb_region_attribute {
@@ -1495,13 +1511,17 @@ static struct config_item *o2hb_heartbeat_group_make_item(struct config_group *g 
static void o2hb_heartbeat_group_drop_item(struct config_group *group,

					   struct config_item *item)

{

	struct task_struct *hb_task;

	struct o2hb_region *reg = to_o2hb_region(item);



	/* stop the thread when the user removes the region dir */

	if (reg->hr_task) {

		kthread_stop(reg->hr_task);

	spin_lock(&o2hb_live_lock);

	hb_task = reg->hr_task;

	reg->hr_task = NULL;

	}

	spin_unlock(&o2hb_live_lock);



	if (hb_task)

		kthread_stop(hb_task);



	config_item_put(item);

}