We added @pidmap into hash and reference count will be 1.
However, another thread might reclaim this newly added
@pidmap from hash list, we try to access this @pidmap
will become a use-after-free operation.
Fix this problem by init reference count as 1 before
adding hash list, which guarantee memory could be not
freed during our access.
Check other places where memory reclaim used did similar
idea like this.
Change-Id: Idd5f429b97e064e29b6883243f8a012c2b4b4ae7
Signed-off-by: Wang Shilong <wshilong@ddn.com>
Reviewed-on: https://review.whamcloud.com/34763
Tested-by: Jenkins
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Gu Zheng <gzheng@ddn.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
pidmap->jp_jobid[0] = '\0';
spin_lock_init(&pidmap->jp_lock);
INIT_HLIST_NODE(&pidmap->jp_hash);
+ /*
+ * @pidmap might be reclaimed just after it is added into
+ * hash list, init @jp_refcount as 1 to make sure memory
+ * could be not freed during access.
+ */
+ atomic_set(&pidmap->jp_refcount, 1);
/*
* Add the newly created map to the hash, on key collision we
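Review bot: The new comment above atomic_set(&pidmap->jp_refcount, 1) says why the count starts at 1 but not who owns that reference or where it is dropped. Since this initial reference replaces the cfs_hash_get() that used to be taken after insertion, state in the comment that it is the caller's reference and name the matching put, so a later reader does not see it as a leaked count or add a second get. The wording "could be not freed" would also read better as "cannot be freed".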
pid);
OBD_FREE_PTR(pidmap);
pidmap = pidmap2;
- } else {
- cfs_hash_get(jobid_hash, &pidmap->jp_hash);
}
}
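Review bot: With the else branch gone, the collision path now calls OBD_FREE_PTR(pidmap) on an object whose jp_refcount is 1 instead of 0. That is fine for a plain free of an object that was never published in the hash, but a one-line comment saying so would keep it from being mistaken for a free that bypasses the refcount. It is also worth confirming, and noting here, that pidmap2 arrives with a reference already held for the caller, so both branches leave this block with exactly one caller reference on the map that is used afterwards.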