    bcache: fix potential deadlock problem in btree_gc_coalesce · 13a09ade
    Committed by Zhiqiang Liu
    hulk inclusion
    category: bugfix
    bugzilla: 13690
    CVE: CVE-2020-12771
    
    ---------------------------
    
    coccicheck reports:
      drivers/md//bcache/btree.c:1538:1-7: preceding lock on line 1417
    
    btree_gc_coalesce func is designed to coalesce two adjacent nodes in
    new_nodes[GC_MERGE_NODES] and finally release one node. All nodes' write_lock,
    new_nodes[i]->write_lock, are held before coalescing adjacent nodes,
    and they will be released after coalescing successfully.
    
    However, if the coalescing process fails, such as not enough space in new_nodes[1]
    to fit all of the remaining keys in new_nodes[0] and realloc keylist failed, we
    will go to the out_nocoalesce tag directly without releasing new_nodes[i]->write_lock.
    Then, a deadlock will occur after calling btree_node_free to free new_nodes[i],
    which also tries to acquire new_nodes[i]->write_lock.
    
    Here, we add a new tag 'out_unlock_nocoalesce' before the out_nocoalesce tag to release
    new_nodes[i]->write_lock when the coalescing process fails.
    
    Fixes: 2a285686 ("bcache: btree locking rework")
    Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
    Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
    Reviewed-by: Jason Yan <yanaijie@huawei.com>
    Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
btree.c 60.1 KB
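
The error path described in the commit message, reduced to a user-space C model (an added example, not code from the kernel patch). `struct node`, `node_lock`, `node_unlock`, `node_free` and `gc_coalesce` are hypothetical stand-ins, and a second acquisition of a held lock is counted rather than blocking, so the buggy path can be observed without hanging.

```c
#include <stdio.h>
#define GC_MERGE_NODES 4   /* name from the commit message; value chosen for the demo */

struct node { int write_locked; };
static int deadlocks;      /* re-acquisitions of an already held lock */
/* Non-recursive lock model: a second acquisition is counted instead of
 * blocking forever, so the demo terminates. */
static void node_lock(struct node *n)
{
    if (n->write_locked)
        deadlocks++;
    n->write_locked = 1;
}
static void node_unlock(struct node *n) { n->write_locked = 0; }

/* Stand-in for btree_node_free(), which takes the node's write_lock itself. */
static void node_free(struct node *n) { node_lock(n); node_unlock(n); }

/* fixed == 0: failure jumps straight to out_nocoalesce (the bug).
 * fixed == 1: failure goes through out_unlock_nocoalesce first (the fix). */
static int gc_coalesce(int fail, int fixed)
{
    struct node new_nodes[GC_MERGE_NODES] = {{0}};
    int i;
    deadlocks = 0;
    for (i = 0; i < GC_MERGE_NODES; i++)
        node_lock(&new_nodes[i]);
    if (fail && !fixed)
        goto out_nocoalesce;
    if (fail)
        goto out_unlock_nocoalesce;
    for (i = 0; i < GC_MERGE_NODES; i++)   /* success path */
        node_unlock(&new_nodes[i]);
    return deadlocks;

out_unlock_nocoalesce:
    for (i = 0; i < GC_MERGE_NODES; i++)
        node_unlock(&new_nodes[i]);
out_nocoalesce:
    for (i = 0; i < GC_MERGE_NODES; i++)
        node_free(&new_nodes[i]);
    return deadlocks;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", gc_coalesce(1, 0), gc_coalesce(1, 1));
    return 0;
}
```

In the kernel the re-acquisition blocks instead of being counted, which is why a failed coalesce on the unpatched path stalls the caller in btree_node_free.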