From 261a3151e16851304eb3e36af2681d1d1579b08f Mon Sep 17 00:00:00 2001
From: Gvozden Neskovic
Date: Thu, 3 Aug 2017 05:42:58 +0200
Subject: [PATCH] spl-mutex: fix race in mutex_exit

Prevent race on accessing kmutex_t when the mutex is embedded in a ref counted structure.

Reviewed-by: Brian Behlendorf
Reviewed-by: Chunwei Chen
Signed-off-by: Gvozden Neskovic
Closes zfsonlinux/zfs#6401
Closes #637
---
 include/sys/mutex.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/sys/mutex.h b/include/sys/mutex.h
index 3192352..8a98a92 100644
--- a/include/sys/mutex.h
+++ b/include/sys/mutex.h
@@ -183,12 +183,13 @@ spl_mutex_lockdep_on_maybe(kmutex_t *mp) \
 */
 #define mutex_exit(mp) \
 { \
- spl_mutex_lockdep_off_maybe(mp); \
- spin_lock(&(mp)->m_lock); \
 spl_mutex_clear_owner(mp); \
+ spin_lock(&(mp)->m_lock); \
+ spl_mutex_lockdep_off_maybe(mp); \
 mutex_unlock(MUTEX(mp)); \
- spin_unlock(&(mp)->m_lock); \
 spl_mutex_lockdep_on_maybe(mp); \
+ spin_unlock(&(mp)->m_lock); \
+ /* NOTE: do not dereference mp after this point */ \
 }

 int spl_mutex_init(void);
-- 
2.40.0
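Review bot: The added `/* NOTE: do not dereference mp after this point */` in `mutex_exit` states the rule but not the reason, and that rule is the whole fix. Going by the commit message, once `spin_unlock(&(mp)->m_lock)` returns another thread may drop the last reference and free the structure that embeds `mp`, so any later access would be a use-after-free. I would say so in the comment, e.g. `/* NOTE: the object embedding mp may be freed as soon as m_lock is dropped; do not dereference mp after this point */`, so that a later assertion or debug hook is not appended after the unlock. The new order also runs `spl_mutex_lockdep_off_maybe(mp)` and `spl_mutex_lockdep_on_maybe(mp)` while `m_lock` is held; both are defined outside the hunk, so it is worth confirming that neither can sleep. The comment block ending at `*/` above the macro starts outside the hunk and may already explain the spinlock.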