From: Brian Behlendorf Date: Fri, 24 May 2013 22:55:28 +0000 (-0700) Subject: drivers/block/brd.c: fix brd_lookup_page() race X-Git-Tag: v3.10-rc3~12^2~8 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=dfd20b2b174d3a9b258ea3b7a35ead33576587b1;p=users%2Fhch%2Fmisc.git drivers/block/brd.c: fix brd_lookup_page() race The index on the page must be set before it is inserted in the radix tree. Otherwise there is a small race which can occur during lookup where the page can be found with the incorrect index. This will trigger the BUG_ON() in brd_lookup_page(). Signed-off-by: Brian Behlendorf Reported-by: Chris Wedgwood Cc: Jens Axboe Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/block/brd.c b/drivers/block/brd.c index f1a29f8e9d33..9bf4371755f2 100644 --- a/drivers/block/brd.c +++ b/drivers/block/brd.c @@ -117,13 +117,13 @@ static struct page *brd_insert_page(struct brd_device *brd, sector_t sector) spin_lock(&brd->brd_lock); idx = sector >> PAGE_SECTORS_SHIFT; + page->index = idx; if (radix_tree_insert(&brd->brd_pages, idx, page)) { __free_page(page); page = radix_tree_lookup(&brd->brd_pages, idx); BUG_ON(!page); BUG_ON(page->index != idx); - } else - page->index = idx; + } spin_unlock(&brd->brd_lock); radix_tree_preload_end();