diff options
author | Miao Xie <miaox@cn.fujitsu.com> | 2014-09-03 17:35:43 +0400 |
---|---|---|
committer | Chris Mason <clm@fb.com> | 2014-09-18 00:38:44 +0400 |
commit | 67a2c45ee7f4f250458279a2e1244679c5d9735c (patch) | |
tree | 0f1806d2aead6af9629bb701101b75b28863b986 /fs/btrfs/volumes.h | |
parent | adbbb8631beda8e4e5d2c964b8b47e04cfa0a2ae (diff) | |
download | linux-67a2c45ee7f4f250458279a2e1244679c5d9735c.tar.xz |
Btrfs: fix use-after-free problem of the device during device replace
The problem is:
Task0(device scan task) Task1(device replace task)
scan_one_device()
mutex_lock(&uuid_mutex)
device = find_device()
mutex_lock(&device_list_mutex)
lock_chunk()
rm_and_free_source_device
unlock_chunk()
mutex_unlock(&device_list_mutex)
check device
Destroying the target device if device replace fails also has the same problem.
We fix this problem by locking uuid_mutex during destroying source device or
target device, just like the device remove operation.
It is a temporary solution, we can fix this problem and make the code more
clear by atomic counter in the future.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>
Diffstat (limited to 'fs/btrfs/volumes.h')
-rw-r--r-- | fs/btrfs/volumes.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h index 76600a3fedbe..2b37da3dd408 100644 --- a/fs/btrfs/volumes.h +++ b/fs/btrfs/volumes.h @@ -24,6 +24,8 @@ #include <linux/btrfs.h> #include "async-thread.h" +extern struct mutex uuid_mutex; + #define BTRFS_STRIPE_LEN (64 * 1024) struct buffer_head; |