fs: dlm: fix race between test_bit() and queue_work()
authorAlexander Aring <aahringo@redhat.com>
Mon, 15 Aug 2022 19:43:14 +0000 (15:43 -0400)
committerDavid Teigland <teigland@redhat.com>
Tue, 23 Aug 2022 19:37:14 +0000 (14:37 -0500)
This patch fixes a race by using ls_cb_mutex around the bit
operations and conditional code blocks for LSFL_CB_DELAY.

The function dlm_callback_stop() expects to stop all callbacks and
flush all currently queued ones. The set_bit() is not enough because
there can still be queue_work() after the workqueue was flushed.
To avoid queue_work() after set_bit(), surround both by ls_cb_mutex.

Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
fs/dlm/ast.c

index 19ef136f9e4fc32f8a5881f621b491eb526f24c2..a44cc42b6317115313b5d07f02fcf2aefe93892e 100644 (file)
@@ -200,13 +200,13 @@ void dlm_add_cb(struct dlm_lkb *lkb, uint32_t flags, int mode, int status,
        if (!prev_seq) {
                kref_get(&lkb->lkb_ref);
 
+               mutex_lock(&ls->ls_cb_mutex);
                if (test_bit(LSFL_CB_DELAY, &ls->ls_flags)) {
-                       mutex_lock(&ls->ls_cb_mutex);
                        list_add(&lkb->lkb_cb_list, &ls->ls_cb_delay);
-                       mutex_unlock(&ls->ls_cb_mutex);
                } else {
                        queue_work(ls->ls_callback_wq, &lkb->lkb_cb_work);
                }
+               mutex_unlock(&ls->ls_cb_mutex);
        }
  out:
        mutex_unlock(&lkb->lkb_cb_mutex);
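Review bot: The widened critical section in dlm_add_cb() carries no comment explaining why the `test_bit()` and both branches must sit under one lock, so a later cleanup could narrow it back to the `list_add()` and reopen the window. I would add above the `mutex_lock()` something like `/* ls_cb_mutex makes the LSFL_CB_DELAY test and queue_work() atomic with respect to dlm_callback_suspend() */`. The lock also appears to be taken while lkb_cb_mutex is held, judging by the unlock after the `out:` label, so the same comment should record the order, `/* lock order: lkb_cb_mutex -> ls_cb_mutex */`. dlm_add_cb() starts and ends outside this hunk, so the nesting should be confirmed against the full function.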
@@ -288,7 +288,9 @@ void dlm_callback_stop(struct dlm_ls *ls)
 
 void dlm_callback_suspend(struct dlm_ls *ls)
 {
+       mutex_lock(&ls->ls_cb_mutex);
        set_bit(LSFL_CB_DELAY, &ls->ls_flags);
+       mutex_unlock(&ls->ls_cb_mutex);
 
        if (ls->ls_callback_wq)
                flush_workqueue(ls->ls_callback_wq);
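Review bot: A mutex around an atomic `set_bit()` in dlm_callback_suspend() looks redundant unless the reader knows it pairs with dlm_add_cb(), and nothing here says so. I would add `/* taken so no dlm_add_cb() can pass the LSFL_CB_DELAY test and call queue_work() after the flag is set; the flush below then covers all queued work */` above the `mutex_lock()`. The code that clears LSFL_CB_DELAY is not part of this diff; if it clears the bit without ls_cb_mutex, the flag is still read and written under different rules, which is worth confirming. The commit message names dlm_callback_stop(), but the change is in dlm_callback_suspend(), whose body continues past the end of the hunk.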