From: Wang Shilong
Date: Mon, 29 Apr 2019 12:46:47 +0000 (+0800)
Subject: LU-12225 obdclass: fix race access vs removal of jobid_hash
X-Git-Tag: 2.12.54~83
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=b664182e0361731fa409ac6a0a0f19637a7e5288;p=fs%2Flustre-release.git

LU-12225 obdclass: fix race access vs removal of jobid_hash

We added @pidmap into hash and reference count will be 1. However, another thread might reclaim this newly added @pidmap from hash list, we try to access this @pidmap will become a use-after-free operation.

Fix this problem by init reference count as 1 before adding hash list, which guarantees memory could be not freed during our access.

Check other places where memory reclaim used did similar idea like this.

Change-Id: Idd5f429b97e064e29b6883243f8a012c2b4b4ae7
Signed-off-by: Wang Shilong
Reviewed-on: https://review.whamcloud.com/34763
Tested-by: Jenkins
Tested-by: Maloo
Reviewed-by: Patrick Farrell
Reviewed-by: Gu Zheng
Reviewed-by: Oleg Drokin
---
diff --git a/lustre/obdclass/jobid.c b/lustre/obdclass/jobid.c index 633388b..07a6c57 100644 --- a/lustre/obdclass/jobid.c +++ b/lustre/obdclass/jobid.c @@ -213,6 +213,12 @@ static int jobid_get_from_cache(char *jobid, size_t joblen) pidmap->jp_jobid[0] = '\0'; spin_lock_init(&pidmap->jp_lock); INIT_HLIST_NODE(&pidmap->jp_hash); + /* + * @pidmap might be reclaimed just after it is added into + * hash list, init @jp_refcount as 1 to make sure memory + * could be not freed during access. + */ + atomic_set(&pidmap->jp_refcount, 1); /* * Add the newly created map to the hash, on key collision we @@ -226,8 +232,6 @@ static int jobid_get_from_cache(char *jobid, size_t joblen) pid); OBD_FREE_PTR(pidmap); pidmap = pidmap2; - } else { - cfs_hash_get(jobid_hash, &pidmap->jp_hash); } }
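
Review bot: In the first hunk (@@ -213,6 +213,12), the new comment above atomic_set(&pidmap->jp_refcount, 1) explains why the count starts at 1 but not who owns that reference or where it is released. Because the second hunk removes the cfs_hash_get() that used to take the caller's reference after insertion, the comment should say that this initial count is the caller's reference and name the put that balances it. The release site is not visible in these lines, so it is worth confirming that every exit path after the insert still drops exactly one reference. On the collision path the never-published pidmap now reaches OBD_FREE_PTR(pidmap) with jp_refcount still 1, which is harmless only as long as nothing on the free path checks the count. Minor: "could be not freed" in the comment should read "cannot be freed".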
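
Review bot: In the second hunk (@@ -226,8 +232,6), removing the else branch leaves the two outcomes of the insert holding their reference by different means, and nothing at this spot documents that. The new-entry path now relies on the atomic_set() from the first hunk, while the collision path relies on the reference, if any, that came back with pidmap2, which these lines do not show. A short comment next to "pidmap = pidmap2;" stating that both paths leave this block with exactly one caller-held reference would stop a later change from re-adding cfs_hash_get() here and leaking a count. The commit message also says other reclaim sites "did similar idea"; pointing to one of them in that comment would make the pattern easier to verify.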