git://git.whamcloud.com - fs/lustre-release.git/commit

author	Olaf Weber <olaf.weber@hpe.com>
	Tue, 12 Sep 2017 12:07:50 +0000 (14:07 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Sun, 7 Jul 2019 15:15:54 +0000 (15:15 +0000)
commit	2b5b551b15d96588f8f309b5a08c11cab203efeb
tree	2eff186110bd6dac56d3b5daf13c778ae5ed751d	tree \| snapshot
parent	67af9e6a6bcde67bef578c4b7a99ebf08cb369cb	commit \| diff

LU-9971 lnet: use after free in lnet_discover_peer_locked()

When the lnet_net_lock is unlocked, the peer attached to an
lnet_peer_ni (found via lnet_peer_ni::lpni_peer_net->lpn_peer)
can change, and the old peer deallocated. If we are really
unlucky, then all the churn could give us a new, different,
peer at the same address in memory.

Change the reference counting on the lnet_peer lp so that it
is guaranteed to be alive when we relock the lnet_net_lock for
the cpt. When the reference count is dropped lp may go away if
it was unlinked, but the new peer is guaranteed to have a
different address, so we can still correctly determine whether
the peer changed and discovery should be redone.

Signed-off-by: Olaf Weber <olaf.weber@hpe.com>
Change-Id: Ia44dce20074b27ec0e77d7c1908c6a44ec73d326
Reviewed-on: https://review.whamcloud.com/28944
Reviewed-by: Amir Shehata <ashehata@whamcloud.com>
Tested-by: Jenkins
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>