From 380be07fcca1f76564d1f29e58f2d8d5f8f530c8 Mon Sep 17 00:00:00 2001 From: Original Author Mike Marciniszyn Date: Wed, 7 Jul 2021 15:16:00 -0400 Subject: [PATCH] LU-14733 o2iblnd: Move racy NULL assignment kiblnd_fmr_pool_unmap() can race map and subsequent processing because of this flaw in unmap: if (frd) { frd->frd_valid = false; spin_lock(&fps->fps_lock); list_add_tail(&frd->frd_list, &fpo->fast_reg.fpo_pool_list); spin_unlock(&fps->fps_lock); fmr->fmr_frd = NULL; } The fmr can be pulled off the list in kiblnd_fmr_pool_unmap() on another CPU an fmr_frd could be in a state of flux and potentially be seen incorrectly later on as the kib_tx is processed. Fix my moving the fmr_frd assignment to before the fmr is added to the list. Lustre-change: https://review.whamcloud.com/44189 Lustre-commit: 023113fb8946f3565529e7327fdcd90ab9db3ba3 Test-Parameters: fortestonly testgroup=review-dne-zfs-part-1 Signed-off-by: Mike Marciniszyn Change-Id: Ibddf132a363ecfe9db3cc06287cec873c021d2fb Signed-off-by: Gian-Carlo DeFazio Reviewed-on: https://review.whamcloud.com/44295 Tested-by: jenkins Reviewed-by: Serguei Smirnov Reviewed-by: Andreas Dilger
---
 lnet/klnds/o2iblnd/o2iblnd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lnet/klnds/o2iblnd/o2iblnd.c b/lnet/klnds/o2iblnd/o2iblnd.c
index 18ac5fa..7785fc9 100644
--- a/lnet/klnds/o2iblnd/o2iblnd.c
+++ b/lnet/klnds/o2iblnd/o2iblnd.c
@@ -1766,10 +1766,10 @@ kiblnd_fmr_pool_unmap(struct kib_fmr *fmr, int status)
 if (frd) {
 frd->frd_valid = false;
+ fmr->fmr_frd = NULL;
 spin_lock(&fps->fps_lock);
 list_add_tail(&frd->frd_list, &fpo->fast_reg.fpo_pool_list);
 spin_unlock(&fps->fps_lock);
- fmr->fmr_frd = NULL;
 }
 }
 fmr->fmr_pool = NULL;
--
1.8.3.1
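Review bot: The ordering that closes the race is not recorded in the code: nothing at the moved `fmr->fmr_frd = NULL;` says it must precede `list_add_tail()`, so a later cleanup could put it back below `spin_unlock()` and reopen the stale-pointer window the commit message describes. I would add a comment above the moved line, for example `/* clear fmr_frd before the frd goes back on fpo_pool_list; once listed, another CPU may take it */`. Both this store and `frd->frd_valid = false;` are made outside `fps_lock`, so their visibility to a CPU that later pulls the frd off the list presumably relies on the release in `spin_unlock()`; it would help to state that in the same comment. The body of kiblnd_fmr_pool_unmap() starts and ends outside the hunk, so how `frd` is loaded and what else touches `fmr` afterwards cannot be checked from here.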