lockd and nfsd inet[6]addr notifiers use pointer that can be changed during execution. lockd_inet[6]addr_event use nlmsvc_rqst without taken nlmsvc_mutex, nfsd notifier have similar trouble. We got few crashes from OpenVz customers on RHEL6-based kernel, and I have reproduced the problem locally on this kernel. I was unable to reproduce the problem on new kernels, however seems they are affected. We cannot add mutexes into notifiers because inet6addr notifiers should be atomic. To fix the problem I use atomic counter and waitqueue: counter allows notifier to access the pointer, waitqueue allows to delay stop of service until notifier is in use. Patches was not tested because I was unable to reproduce the problem on new kernels. Please review it carefully and let me know if this can be fixed in a better way. Vasily Averin (2): race of lockd inetaddr notifiers with nlmsvc_rqst change race of nfsd inetaddr notifiers with nn->nfsd_serv change fs/lockd/svc.c | 16 ++++++++++++++-- fs/nfsd/netns.h | 3 +++ fs/nfsd/nfsctl.c | 3 +++ fs/nfsd/nfssvc.c | 14 +++++++++++--- 4 files changed, 31 insertions(+), 5 deletions(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
