dgit.raspbian.org Git - xen.git/commit

author	Bob Liu <lliubbo@gmail.com>
	Tue, 28 Jan 2014 04:28:23 +0000 (12:28 +0800)
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Wed, 9 Apr 2014 13:05:20 +0000 (09:05 -0400)
commit	108c6d26b06f90c5611b4d7c426f21cc010ea114
tree	adc68983140723de43f4ec5c4749d26b03a3966f	tree \| snapshot
parent	3c7b10514ce32fc323be2ae5b3b5014ae1f2a627	commit \| diff

tmem: bugfix in obj allocate path

There is a potential bug in the obj allocate path. When there are parallel
callers allocate a obj and insert it to pool->obj_rb_root, an unexpected
obj might be returned (both callers use the same oid).

Caller A:                            Caller B:

obj_find(oidp) == NULL               obj_find(oidp) == NULL

write_lock(&pool->pool_rwlock)
obj_new():
    objA = tmem_malloc()
    obj_rb_insert(objA)
wirte_unlock()
                                     write_lock(&pool->pool_rwlock)
                                     obj_new():
                                        objB = tmem_malloc()
                                        obj_rb_insert(objB)
                                     write_unlock()

Continue write data to objA
But in future obj_find(), objB
will always be returned.

The route cause is the allocate path didn't check the return value of
obj_rb_insert(). This patch fix it and replace obj_new() with better name
obj_alloc().

Signed-off-by: Bob Liu <bob.liu@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>