staging/lustre/ptlrpc: race in pinger (use-after-free situation)
The race is result of use-after-free situation:
~ ptlrpc_stop_pinger() ~ ptlrpc_pinger_main()
---------------------------------------------------------------
thread_set_flags(SVC_STOPPING)
cfs_waitq_signal(pinger_thread) ...
... thread_set_flags(SVC_STOPPED)
l_wait_event(thread_is_stopped)
OBD_FREE_PTR(pinger_thread)
... cfs_waitq_signal(pinger_thread)
---------------------------------------------------------------
The memory used by pinger_thread might have been freed and
reallocated to something else, when ptlrpc_pinger_main()
used it in cvs_waitq_signal().
Signed-off-by: Li Wei <[email protected]>
Signed-off-by: Dmitry Eremin <[email protected]>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3032
Lustre-change: http://review.whamcloud.com/6040
Reviewed-by: Faccini Bruno <[email protected]>
Reviewed-by: Mike Pershin <[email protected]>
Reviewed-by: Andreas Dilger <[email protected]>
Signed-off-by: Peng Tao <[email protected]>
Signed-off-by: Andreas Dilger <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
projects / openwrt / staging / blogic.git / commit