git.baikalelectronics.ru Git - kernel.git/commit

author	Lars Ellenberg <lars.ellenberg@linbit.com>
	Wed, 25 Feb 2015 12:53:28 +0000 (13:53 +0100)
committer	Jens Axboe <axboe@fb.com>
	Wed, 25 Nov 2015 16:22:01 +0000 (09:22 -0700)
commit	bdfaed44da200c0492ce52769765a6e63c36f14f
tree	55b95aa5f7bcb8bc4066ee8704490d80bcfda093	tree \| snapshot
parent	e3092c8bc5cc99698eb9f828ae4362beb65e89c3	commit \| diff

drbd: fix NULL deref in remember_new_state

The recent (not yet released) backport of the extended state broadcasts
to support the "events2" subcommand of drbdsetup had some glitches.

remember_old_state() would first count all connections with a
net_conf != NULL, then allocate a suitable array, then populate that
array with all connections found to have net_conf != NULL.

This races with the state change to C_STANDALONE,
and the NULL assignment there.

remember_new_state() then iterates over said connection array,
assuming that it would be fully populated.

But rcu_lock() just makes sure the thing some pointer points to,
if any, won't go away. It does not make the pointer itself immutable.

In fact there is no need to "filter" connections based on whether or not
they have a currently valid configuration. Just record them always, if
they don't have a config, that's fine, there will be no change then.

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <axboe@fb.com>