[PATCH] brd: Fix brd_lookup_page() race

From: Brian Behlendorf
Date: Fri May 10 2013 - 12:58:12 EST

Next message: Ming Lei: "x86_mce: mce_start uses number of phsical cores instead of logicalcores"
Previous message: Matt Causey: "Re: RTL driver for RTL8191SEvB and/or wpa-supplicant really broken at times"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The index on the page must be set before it is inserted in the
radix tree. Otherwise there is a small race which can occur
during lookup where the page can be found with the incorrect
index. This will trigger the BUG_ON() in brd_lookup_page().

Reported-by: Chris Wedgwood <cw@xxxxxxxx>
Signed-off-by: Brian Behlendorf <behlendorf1@xxxxxxxx>

---
drivers/block/brd.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/block/brd.c b/drivers/block/brd.c
index f1a29f8..9bf4371 100644
--- a/drivers/block/brd.c
+++ b/drivers/block/brd.c
@@ -117,13 +117,13 @@ static struct page *brd_insert_page(struct brd_device *b, sector_t sector)

spin_lock(&brd->brd_lock);
idx = sector >> PAGE_SECTORS_SHIFT;
+ page->index = idx;
if (radix_tree_insert(&brd->brd_pages, idx, page)) {
__free_page(page);
page = radix_tree_lookup(&brd->brd_pages, idx);
BUG_ON(!page);
BUG_ON(page->index != idx);
- } else
- page->index = idx;
+ }
spin_unlock(&brd->brd_lock);

radix_tree_preload_end();
--
1.7.4.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ming Lei: "x86_mce: mce_start uses number of phsical cores instead of logicalcores"
Previous message: Matt Causey: "Re: RTL driver for RTL8191SEvB and/or wpa-supplicant really broken at times"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]