From: Dmitry Eremin <dmitry.eremin@intel.com>
Date: Mon, 22 Jul 2013 16:06:31 +0000 (+0800)
Subject: staging/lustre/ptlrpc: race in pinger (use-after-free situation)
X-Git-Tag: v3.12-rc1~183^2~776
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2080205729edf2a59296f17081c9aa25a7ed6368;p=pandora-kernel.git

staging/lustre/ptlrpc: race in pinger (use-after-free situation)

The race is result of use-after-free situation:

~ ptlrpc_stop_pinger()          ~ ptlrpc_pinger_main()
---------------------------------------------------------------
thread_set_flags(SVC_STOPPING)
cfs_waitq_signal(pinger_thread) ...
...                             thread_set_flags(SVC_STOPPED)
l_wait_event(thread_is_stopped)
OBD_FREE_PTR(pinger_thread)
...                             cfs_waitq_signal(pinger_thread)
---------------------------------------------------------------

The memory used by pinger_thread might have been freed and
reallocated to something else, when ptlrpc_pinger_main()
used it in cvs_waitq_signal().

Signed-off-by: Li Wei <wei.g.li@intel.com>
Signed-off-by: Dmitry Eremin <dmitry.eremin@intel.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3032
Lustre-change: http://review.whamcloud.com/6040
Reviewed-by: Faccini Bruno <bruno.faccini@intel.com>
Reviewed-by: Mike Pershin <mike.pershin@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Peng Tao <tao.peng@emc.com>
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

Reading git-diff-tree failed