Re: [Devel] [PATCH rh7] cbt: fix possible race on alloc_page()

[Dmitry Monakhov]

Maxim Patlasov  writes:

> cbt_page_alloc() drops cbt->lock before calling alloc_page(),
> then re-acquires it. It's safer to re-check that cbt->map[idx]
> is still NULL after re-acquiring the lock.
>
> Signed-off-by: Maxim Patlasov 
Indeed. Ack.
> ---
>  block/blk-cbt.c |7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/block/blk-cbt.c b/block/blk-cbt.c
> index 8ba52fb..14ad1a2 100644
> --- a/block/blk-cbt.c
> +++ b/block/blk-cbt.c
> @@ -128,7 +128,12 @@ static int cbt_page_alloc(struct cbt_info  **cbt_pp, 
> unsigned long idx,
>   spin_unlock_irq(&cbt->lock);
>   return -ENOMEM;
>   }
> - cbt->map[idx] = page;
> +
> + if (likely(CBT_PAGE(cbt, idx) == NULL))
> + cbt->map[idx] = page;
> + else
> + __free_page(page);
> +
>   page = NULL;
>   spin_unlock_irq(&cbt->lock);
>  


signature.asc
Description: PGP signature
___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH rh7] cbt: fix possible race on alloc_page()

[Maxim Patlasov]

cbt_page_alloc() drops cbt->lock before calling alloc_page(),
then re-acquires it. It's safer to re-check that cbt->map[idx]
is still NULL after re-acquiring the lock.

Signed-off-by: Maxim Patlasov 
---
 block/blk-cbt.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index 8ba52fb..14ad1a2 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -128,7 +128,12 @@ static int cbt_page_alloc(struct cbt_info  **cbt_pp, 
unsigned long idx,
spin_unlock_irq(&cbt->lock);
return -ENOMEM;
}
-   cbt->map[idx] = page;
+
+   if (likely(CBT_PAGE(cbt, idx) == NULL))
+   cbt->map[idx] = page;
+   else
+   __free_page(page);
+
page = NULL;
spin_unlock_irq(&cbt->lock);
 

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel