Red Hat Bugzilla – Bug 70607
Oops in get_filesystem_info due to lack of locking
Last modified: 2007-11-30 17:06:51 EST
Description of Problem:
If multiple mounts/unmounts are occurring, and a process is accessing/reading
from /proc/mounts, it is possible for an oops to occur on an SMP machine. This
is because the vfsmntlist can change while we're navigating it, but the code
doesn't grab any locks to prevent this. If a vfsmount "p" is removed from the
list while we're in d_path(), then we'll follow an invalid "next" pointer on
return from d_path().
Version-Release number of selected component (if applicable):
Any of 2.4.9-e.3, e.5 and e.8 are susceptible.
Steps to Reproduce:
1. Start some processes mounting and unmounting filesystems in a loop.
2. Repeatedly 'cat /proc/mounts' or otherwise read it.
3. Wait for the oops.
An oops happens.
No oops :-)
A suggested fix is to grab the dcache_lock which apparently protects vfsmntlist.
This seems reasonable since we only process one page worth of information.
Created attachment 68624 [details]
Suggested patch (wrong line numbers but it applies).
patch applied to the U4 update stream. changing state to modified.
kernel is available at:
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.