From: Christopher J. Morrone Date: Fri, 15 Nov 2013 21:40:19 +0000 (-0800) Subject: LU-4194 ldlm: Make OBD_[ALLOC|FREE]_LARGE use consistent X-Git-Tag: 2.5.52~26 X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=9c4d506c5feae8023b49781b31b25b8ef3f8123f LU-4194 ldlm: Make OBD_[ALLOC|FREE]_LARGE use consistent struct ldlm_lock's l_lvb_data field is freed in ldlm_lock_put() using OBD_FREE. However, some other code paths can attach a buffer to l_lvb_data that was allocated using OBD_ALLOC_LARGE. This can lead to a kfree() of a vmalloc()ed buffer, which can trigger a kernel Oops. Change-Id: Ic75a67530862eeb4d065c14bbbac80939bff5731 Signed-off-by: Christopher J. Morrone Reviewed-on: http://review.whamcloud.com/8298 Tested-by: Jenkins Reviewed-by: Andreas Dilger Reviewed-by: Faccini Bruno Tested-by: Maloo --- diff --git a/lustre/ldlm/ldlm_lock.c b/lustre/ldlm/ldlm_lock.c index 8853bc7..760d2c2 100644 --- a/lustre/ldlm/ldlm_lock.c +++ b/lustre/ldlm/ldlm_lock.c @@ -234,7 +234,7 @@ void ldlm_lock_put(struct ldlm_lock *lock) } if (lock->l_lvb_data != NULL) - OBD_FREE(lock->l_lvb_data, lock->l_lvb_len); + OBD_FREE_LARGE(lock->l_lvb_data, lock->l_lvb_len); ldlm_interval_free(ldlm_interval_detach(lock)); lu_ref_fini(&lock->l_reference); @@ -1624,7 +1624,7 @@ struct ldlm_lock *ldlm_lock_create(struct ldlm_namespace *ns, if (lvb_len) { lock->l_lvb_len = lvb_len; - OBD_ALLOC(lock->l_lvb_data, lvb_len); + OBD_ALLOC_LARGE(lock->l_lvb_data, lvb_len); if (lock->l_lvb_data == NULL) GOTO(out, 0); } diff --git a/lustre/ldlm/ldlm_lockd.c b/lustre/ldlm/ldlm_lockd.c index 42c7177..084e3e3 100644 --- a/lustre/ldlm/ldlm_lockd.c +++ b/lustre/ldlm/ldlm_lockd.c @@ -1726,7 +1726,7 @@ static void ldlm_handle_cp_callback(struct ptlrpc_request *req, * variable length */ void *lvb_data; - OBD_ALLOC(lvb_data, lvb_len); + OBD_ALLOC_LARGE(lvb_data, lvb_len); if (lvb_data == NULL) { LDLM_ERROR(lock, "No memory: %d.\n", lvb_len); GOTO(out, rc = -ENOMEM);