<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi Joel,</div><div><br /></div><div>It looks good to me and i have sent a new patch for it.<br /></div><div><br /></div><div>Thanks,</div><div>Xu<br /></div><br /><br /><br /><div style="position:relative;zoom:1"></div><br /><pre><br />From: Joel Colledge <joel.colledge@linbit.com>
Date: 2022-04-20 18:22:32
To: Rui Xu <rui.xu@easystack.cn>
Cc: Philipp Reisner <philipp.reisner@linbit.com>,drbd-dev@lists.linbit.com,dongsheng.yang@easystack.cn
Subject: Re: [PATCH] drbd: fix a race of drbd_free_peer_req>Hi Xu,
>
>I think there is a potential race here, but I am not convinced that
>this is a general solution. The peer request could still be freed by
>got_peer_ack() between checking "list_empty(&peer_req->recv_order)"
>and freeing it in drbd_finish_peer_reqs(). Also, this solution keeps
>the page chain for peer requests for an unnecessarily long time, which
>is not ideal in memory constrained situations.
>
>The underlying race, as far as I understand it, is that got_peer_ack()
>can be called while still processing the request in
>drbd_finish_peer_reqs(). This is only relevant for peer writes and not
>resync, so only the e_end_block() path is of interest. got_peer_ack()
>will only be called after we have sent the corresponding barrier ack
>for the peer request.
>
>On the basis of this reasoning, I think a simple solution is to swap
>drbd_may_finish_epoch() and drbd_free_page_chain() in e_end_block().
>Please try this and send it as a patch if it solves your problem.
>
>By the way, this patch doesn't compile due to a mismatched brace.
>
>Best regards,
>Joel
</pre></div><br>