Bug 70607 - Oops in get_filesystem_info due to lack of locking
Summary: Oops in get_filesystem_info due to lack of locking
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel
Version: 2.1
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Stephen Tweedie
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: 107565
TreeView+ depends on / blocked
 
Reported: 2002-08-02 20:43 UTC by Tim Wright
Modified: 2007-11-30 22:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-04-22 01:02:53 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Suggested patch (wrong line numbers but it applies). (879 bytes, patch)
2002-08-02 20:45 UTC, Tim Wright
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:105 0 normal SHIPPED_LIVE Moderate: kernel security update 2004-04-21 04:00:00 UTC

Description Tim Wright 2002-08-02 20:43:56 UTC
Description of Problem:
If multiple mounts/unmounts are occurring, and a process is accessing/reading
from /proc/mounts, it is possible for an oops to occur on an SMP machine. This
is because the vfsmntlist can change while we're navigating it, but the code
doesn't grab any locks to prevent this. If a vfsmount "p" is removed from the
list while we're in d_path(), then we'll follow an invalid "next" pointer on
return from d_path().

Version-Release number of selected component (if applicable):
Any of 2.4.9-e.3, e.5 and e.8 are susceptible.

How Reproducible:
100%.

Steps to Reproduce:
1. Start some processes mounting and unmounting filesystems in a loop.
2. Repeatedly 'cat /proc/mounts' or otherwise read it.
3. Wait for the oops.

Actual Results:
An oops happens.

Expected Results:
No oops :-)

Additional Information:
A suggested fix is to grab the dcache_lock which apparently protects vfsmntlist.
This seems reasonable since we only process one page worth of information.

Comment 1 Tim Wright 2002-08-02 20:45:23 UTC
Created attachment 68624 [details]
Suggested patch (wrong line numbers but it applies).

Comment 8 Jason Baron 2004-02-09 21:51:27 UTC
patch applied to the U4 update stream. changing state to modified.
kernel is available at:

http://people.redhat.com/~jbaron/.private/u4/2.4.9-e.37.3.test/



Comment 9 John Flanagan 2004-04-22 01:02:54 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-105.html



Note You need to log in before you can comment on or make changes to this bug.