[Drbd-dev] [PATCH] Fixed possible use after free in drbd_thread_setup
Lars Ellenberg
lars.ellenberg at linbit.com
Fri Dec 22 15:50:52 CET 2017
On Thu, Dec 21, 2017 at 06:53:30PM +0100, johannes at johannesthoma.com wrote:
> drbd_thread might already be freed when complete returns,
The lifetime of our "struct drbd_thread" thingies, which are embedded in
our struct drbd_resource and struct drbd_connection,
is different from the "running" time of the threads.
So no, this won't happen.
> hence we shouldn't access the drbd_thread object (thi)
> after calling complete().
>
> I am not 100% sure if this creates any further races,
Moving that complete out of the spinlock would introduce
potential races between drbd_thread_setup, drbd_thread_start,
and _drbd_thread_stop, yes.
Lars