commit 3168b0780d06ace875696f8a648d04d6089654e5
author Satyam Sharma <ssatyam@cse.iitk.ac.in> Tue May 08 09:18:58 2007 +0100
committer Steven Whitehouse <swhiteho@redhat.com> Mon Jul 09 08:22:10 2007 +0100
tree b93814b13155cce67432e1ed11bee58c9a5d5a50
parent b524fe646c9a226a847e30ca1221dc22e952f16b

[DLM] fix a couple of races

Fix two races in fs/dlm/config.c:

(1) Grab the configfs subsystem semaphore before calling
config_group_find_obj() in get_space(). This solves a potential race
between get_space() and concurrent mkdir(2) or rmdir(2).

(2) Grab a reference on the found config_item _while_ holding the configfs
subsystem semaphore in get_comm(), and not after it. This solves a
potential race between get_comm() and concurrent rmdir(2).

Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>

fs/dlm/config.c

diff --git a/fs/dlm/config.c b/fs/dlm/config.c
index 822abdc..5a3d390 100644
--- a/fs/dlm/config.c
+++ b/fs/dlm/config.c
@@ -748,9 +748,16 @@
 
 static struct space *get_space(char *name)
 {
+	struct config_item *i;
+
 	if (!space_list)
 		return NULL;
-	return to_space(config_group_find_obj(space_list, name));
+
+	down(&space_list->cg_subsys->su_sem);
+	i = config_group_find_obj(space_list, name);
+	up(&space_list->cg_subsys->su_sem);
+
+	return to_space(i);
 }
 
 static void put_space(struct space *sp)
@@ -776,20 +783,20 @@
 			if (cm->nodeid != nodeid)
 				continue;
 			found = 1;
+			config_item_get(i);
 			break;
 		} else {
 			if (!cm->addr_count ||
 			    memcmp(cm->addr[0], addr, sizeof(*addr)))
 				continue;
 			found = 1;
+			config_item_get(i);
 			break;
 		}
 	}
 	up(&clusters_root.subsys.su_sem);
 
-	if (found)
-		config_item_get(i);
-	else
+	if (!found)
 		cm = NULL;
 	return cm;
 }