[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <17617.16700.274788.869486@cse.unsw.edu.au>
Date: Thu, 3 Aug 2006 10:20:12 +1000
From: Neil Brown <neilb@...e.de>
To: Philipp Matthias Hahn <pmhahn@....Informatik.Uni-Oldenburg.de>
Cc: nfs@...ts.sourceforge.net, akpm@...l.org, stable@...nel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH for stable] Re: [Fwd: moradin 2006-08-02 11:02 System Events]
On Wednesday August 2, pmhahn@....Informatik.Uni-Oldenburg.de wrote:
> Hello!
>
> Rebooting one of our NFS file servers with 2.6.17.7, I just got the
> following OOPS:
Thanks for the report.
The bug was fairly easy to find and fix.
I think this would be appropriate for the next 2.6.17.x stable kernel,
and definitely for 2.6.18. (hence 'akpm' and 'stable' cc:ed).
It is not relevant for earlier kernels (e.g. 2.6.16).
Patch was made against 2.6.18-rc2-mm1, but applies equally to
2.6.17.7.
Thanks again,
NeilBrown
---------------------------------------------
Fix race related problem when adding items to and svcrpc auth cache.
If we don't find the item we are lookng for, we allocate a new one,
and then grab the lock again and search to see if it has been added
while we did the alloc.
If it had been added we need to 'cache_put' the newly created item
that we are never going to use. But as it hasn't been initialised
properly, putting it can cause an oops.
So move the ->init call earlier to that it will always be fully
initilised if we have to put it.
Thanks to Philipp Matthias Hahn <pmhahn@....Informatik.Uni-Oldenburg.de>
for reporting the problem.
Signed-off-by: Neil Brown <neilb@...e.de>
### Diffstat output
./net/sunrpc/cache.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff .prev/net/sunrpc/cache.c ./net/sunrpc/cache.c
--- .prev/net/sunrpc/cache.c 2006-08-03 10:07:33.000000000 +1000
+++ ./net/sunrpc/cache.c 2006-08-03 10:08:36.000000000 +1000
@@ -71,7 +71,12 @@ struct cache_head *sunrpc_cache_lookup(s
new = detail->alloc();
if (!new)
return NULL;
+ /* must fully initialise 'new', else
+ * we might get lose if we need to
+ * cache_put it soon.
+ */
cache_init(new);
+ detail->init(new, key);
write_lock(&detail->hash_lock);
@@ -85,7 +90,6 @@ struct cache_head *sunrpc_cache_lookup(s
return tmp;
}
}
- detail->init(new, key);
new->next = *head;
*head = new;
detail->entries++;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists