summaryrefslogtreecommitdiff
path: root/net/lapb/lapb_iface.c
diff options
context:
space:
mode:
authorAlexander Aring <aahringo@redhat.com>2022-04-29 11:06:51 -0400
committerDavid Teigland <teigland@redhat.com>2022-05-02 11:15:59 -0500
commit1689c169134f4b5a39156122d799b7dca76d8ddb (patch)
tree2ae47cfaebf7accc7206d78bcc6985eb067fa624 /net/lapb/lapb_iface.c
parente425ac99b1573692fc4bb5bda1040caccb127490 (diff)
dlm: fix missing lkb refcount handling
We always call hold_lkb(lkb) if we increment lkb->lkb_wait_count. So, we always need to call unhold_lkb(lkb) if we decrement lkb->lkb_wait_count. This patch will add missing unhold_lkb(lkb) if we decrement lkb->lkb_wait_count. In case of setting lkb->lkb_wait_count to zero we need to countdown until reaching zero and call unhold_lkb(lkb). The waiters list unhold_lkb(lkb) can be removed because it's done for the last lkb_wait_count decrement iteration as it's done in _remove_from_waiters(). This issue was discovered by a dlm gfs2 test case which use excessively dlm_unlock(LKF_CANCEL) feature. Probably the lkb->lkb_wait_count value never reached above 1 if this feature isn't used and so it was not discovered before. The testcase ended in a rsb on the rsb keep data structure with a refcount of 1 but no lkb was associated with it, which is itself an invalid behaviour. A side effect of that was a condition in which the dlm was sending remove messages in a looping behaviour. With this patch that has not been reproduced. Cc: stable@vger.kernel.org Signed-off-by: Alexander Aring <aahringo@redhat.com> Signed-off-by: David Teigland <teigland@redhat.com>
Diffstat (limited to 'net/lapb/lapb_iface.c')
0 files changed, 0 insertions, 0 deletions