Details
- Bug
- Resolution: Fixed
- Minor
Description
In lustre/mdc/mdc_changelog.c:
```c
/**
 * Find the OBD device associated to a changelog character device.
 * @param[in] cdev character device instance descriptor
 * @return corresponding OBD device or NULL if none was found.
 */
static struct obd_device *chlg_obd_get(dev_t cdev)
{
	int minor = MINOR(cdev);
	struct obd_device *obd = NULL;
	struct chlg_registered_dev *curr;

	mutex_lock(&chlg_registered_dev_lock);
	list_for_each_entry(curr, &chlg_registered_devices, ced_link) {
		if (curr->ced_misc.minor == minor) {
			/* take the first available OBD device attached */
			obd = list_first_entry(&curr->ced_obds,
					       struct obd_device,
					       u.cli.cl_chg_dev_linkage);
			break;
		}
	}
	mutex_unlock(&chlg_registered_dev_lock);
	return obd;
}
```
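The "take the first available OBD device attached" approach is broken: the function returns the pointer after dropping chlg_registered_dev_lock without taking any reference on the device, so that OBD might go away while the changelog is being read.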
Here is an example of how things can go wrong:
- mount lustre at /mnt/lustre;
- mount the same lustre filesystem at /mnt/lustre2;
- open /dev/changelog-lustre-MDT0000 in writing mode;
- unmount /mnt/lustre;
- write 'clear:cl0:0' to the opened chardevice.
That triggers an LBUG.
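
A user-space model of the lifetime rule the lookup above lacks, added here as an illustration and not taken from the Lustre tree or from the fix for this ticket: the lookup takes a reference while the registry lock is still held, so an unmount cannot release the device under an open handle. All names (`struct dev`, `registry`, `reg_lock`, `dev_get`, `dev_put`, and so on) are hypothetical, and the `released` flag stands in for freeing the device.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>
/* Hypothetical user-space model, not Lustre code; reg_lock guards it all. */
struct dev { int minor, refs, attached, released; };
static struct dev *registry[4];		/* slots in mount order */
static pthread_mutex_t reg_lock = PTHREAD_MUTEX_INITIALIZER;

/* Mount (caller picks a free slot): the registry owns the first reference. */
static void dev_register(struct dev *d, int slot, int minor) {
	pthread_mutex_lock(&reg_lock);
	*d = (struct dev){ .minor = minor, .refs = 1, .attached = 1 };
	registry[slot] = d;
	pthread_mutex_unlock(&reg_lock);
}

/* Open: first match, pinned before the lock is dropped. */
static struct dev *dev_get(int minor) {
	struct dev *d = NULL;
	pthread_mutex_lock(&reg_lock);
	for (int i = 0; i < 4 && !d; i++)
		if (registry[i] && registry[i]->minor == minor)
			(d = registry[i])->refs++;
	pthread_mutex_unlock(&reg_lock);
	return d;
}

/* Close: "released" stands in for freeing the device on the last put. */
static void dev_put(struct dev *d) {
	pthread_mutex_lock(&reg_lock);
	d->released = (--d->refs == 0);
	pthread_mutex_unlock(&reg_lock);
}

/* Unmount: unlink, mark detached, drop the registry's reference. */
static void dev_unregister(struct dev *d, int slot) {
	pthread_mutex_lock(&reg_lock);
	registry[slot] = NULL;
	d->attached = 0;
	pthread_mutex_unlock(&reg_lock);
	dev_put(d);
}

/* Write: a pinned but detached device gives an error, not a stale access. */
static int dev_write(struct dev *d) {
	pthread_mutex_lock(&reg_lock);
	int rc = d->attached ? 0 : -ENODEV;
	pthread_mutex_unlock(&reg_lock);
	return rc;
}
```

Replaying the sequence from the description against this model (two mounts, open, unmount of the first, write), the write returns `-ENODEV` and the first device is released only when the open handle is closed.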