diff options
| author | Sahitya Tummala <stummala@codeaurora.org> | 2017-06-05 16:10:31 +0530 |
|---|---|---|
| committer | Sahitya Tummala <stummala@codeaurora.org> | 2017-06-12 13:11:12 +0530 |
| commit | 33b30b124fde308d6192a55df6f176f1c36a79ce (patch) | |
| tree | bdd4e8bdfda235d6e4c9ce20f14eadf2fe215083 /init/do_mounts.h | |
| parent | c1a2472056c800ff46e0ac21a4b67c179a570ad0 (diff) | |
fs/mbcache: fix mb_cache_lru_list corruption
With the recent 'commit d07d314e7d1d ("fs/mbcache: fix use after
free issue in mb_cache_shrink_scan()")', the ce entry is deleted
from mbcache list after ce->e_refcnt incremented under global
spinlock mb_cache_spinlock. If __mb_cache_entry_release(), is waiting
for mb_cache_spinlock at the same time, to add the same ce to
mb_cache_lru_list and if it gets the lock after mb_cache_entry_get()
deleted it, then it corrupts the list, as that element will be freed
immediately after mb_cache_entry_get(). When this list is accessed next
time for deleting/adding another ce, we see list corruption issue.
Fix this by synchronizing these two contexts with mb_cache_spinlock and
evaluating the conditions(ce->e_refcnt) in __mb_cache_entry_release()
under the global lock before adding ce to mb_cache_lru_list.
Change-Id: I3e20fb4fa163755126e30be7aeca747d74215ed2
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
Diffstat (limited to 'init/do_mounts.h')
0 files changed, 0 insertions, 0 deletions