From b664182e0361731fa409ac6a0a0f19637a7e5288 Mon Sep 17 00:00:00 2001
From: Wang Shilong
Date: Mon, 29 Apr 2019 20:46:47 +0800
Subject: [PATCH] LU-12225 obdclass: fix race access vs removal of jobid_hash
We added @pidmap into hash and reference count will be 1. However, another thread might reclaim this newely added @pidmap from hash list, we try to access this @pidmap will become a user-after-free operation. Fix this problem by init reference count as 1 before adding hash list, which gurantee memory could be not freed during our access. Check other places where memory reclaim used did similar idea like this.
Change-Id: Idd5f429b97e064e29b6883243f8a012c2b4b4ae7
Signed-off-by: Wang Shilong
Reviewed-on: https://review.whamcloud.com/34763
Tested-by: Jenkins
Tested-by: Maloo
Reviewed-by: Patrick Farrell
Reviewed-by: Gu Zheng
Reviewed-by: Oleg Drokin
---
 lustre/obdclass/jobid.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lustre/obdclass/jobid.c b/lustre/obdclass/jobid.c
index 633388b..07a6c57 100644
--- a/lustre/obdclass/jobid.c
+++ b/lustre/obdclass/jobid.c
@@ -213,6 +213,12 @@ static int jobid_get_from_cache(char *jobid, size_t joblen)
 pidmap->jp_jobid[0] = '\0';
 spin_lock_init(&pidmap->jp_lock);
 INIT_HLIST_NODE(&pidmap->jp_hash);
+ /*
+ * @pidmap might be reclaimed just after it is added into
+ * hash list, init @jp_refcount as 1 to make sure memory
+ * could be not freed during access.
+ */
+ atomic_set(&pidmap->jp_refcount, 1);
 /*
 * Add the newly created map to the hash, on key collision we
@@ -226,8 +232,6 @@ static int jobid_get_from_cache(char *jobid, size_t joblen)
 pid);
 OBD_FREE_PTR(pidmap);
 pidmap = pidmap2;
- } else {
- cfs_hash_get(jobid_hash, &pidmap->jp_hash);
 }
 }
--
1.8.3.1
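Review bot: The comment added above `atomic_set(&pidmap->jp_refcount, 1)` explains why the count starts at 1 but not whose reference it is or where it is released, and that ownership is what a later reader needs in order not to reintroduce the use-after-free or leak the entry. I would word it along the lines of `/* Take the caller's reference before the map becomes visible in jobid_hash, so a concurrent reclaim cannot free it while this function still uses it. */` and add one line naming the put that drops it. That release site lies outside both hunks, as does most of jobid_get_from_cache, so please confirm every exit path after the insert still balances this initial reference now that the `cfs_hash_get()` in the else branch is gone. In the second hunk the collision branch now passes a `pidmap` with a count of 1 to `OBD_FREE_PTR`; this looks harmless because the object was never inserted, but a short comment there saying so would prevent a later "fix".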